The VuFind® project takes security seriously, and the code is written with security in mind. However, every application can have unanticipated security holes, and even a carefully-designed system can be insecure if configured incorrectly. This page collects security-related resources in one place.

See the Security for VuFind® Administrators page for step-by-step instructions on common security-related configuration needs as well as important best practice advice.

If you have discovered a security flaw in VuFind®, or if you have specific security-related concerns, please contact info@vufind.org to reach the Project Management Committee. The PMC will work with you to reach a satisfactory solution to your problem and make responsible disclosures to the community where necessary.

• The results of a 2023 security audit were discussed as part of the 2023 VuFind® Summit. Recordings and associated documentation can be found on the page for the event.