Meta tags:
description= What to do if you found a serious bug;
Headings (most frequently used words):
security, issues, and, responsible, disclosure, sponsored, by,
Text of the page (most frequently used words):
admin (13), mastodon (11), and (9), your (9), the (8), #security (7), you (5), #issues (5), that (4), report (4), instance (4), profile (4), account (4), api (4), oauth (4), with (4), using (4), source (3), vulnerability (3), code (3), github (3), should (3), not (3), public (3), bug (3), responsible (3), disclosure (3), search (3), preferences (3), apps (3), reports (3), accounts (3), setting (3), server (3), new (3), installation (2), other (2), for (2), issue (2), what (2), notificationpolicy (2), filter (2), quote (2), domainblock (2), notifications (2), trends (2), collections (2), domain_blocks (2), tokens (2), environment (2), implementing (2), posts (2), machine (2), installing (2), features (2), configuring (2), running (2), imprint, view, blog, join, sponsored, last, updated, september, 2025, improve, this, page, distributed, through, our, main, repository, vulnerabilities, are, specific, given, misconfiguration, reported, owner, such, spaces, give, time, publish, fix, without, exposing, users, increased, risk, provide, bounty, program, moment, believe, identified, allows, something, happen, shouldn, possible, either, send, joinmastodon, org, open, found, serious, webpushsubscription, translation, token, termsofservice, tag, suggestion, statussource, statusedit, status, shallowtag, shallowquote, scheduledstatus, rule, role, relationshipseveranceevent, relationship, reaction, quoteapproval, privacypolicy, previewcardauthor, previewcard, poll, notificationrequest, notificationfallback, notification, mediaattachment, marker, list, identityproof, filterstatus, filterresult, filterkeyword, featuredtag, featureapproval, familiarfollowers, extendeddescription, error, customemoji, conversation, context, collectionwithaccounts, collectionitem, collection, asyncrefresh, application, appeal, annualreport, announcement, measure, ipblock, emaildomainblock, domainallow, dimension, cohort, canonicalemailblock, accountwarning, entities, streaming, markers, lists, conversations, timelines, scheduled_statuses, polls, media, statuses, proofs, oembed, push, directory, custom_emojis, announcements, health, grouped, async_refreshes, emails, annual, retention, measures, ip_blocks, email_domain_blocks, domain_allows, dimensions, canonical_email_blocks, tags, suggestions, mutes, followed_tags, follow_requests, filters, featured_tags, favourites, endorsements, bookmarks, blocks, methods, rate, limits, scopes, guidelines, best, practices, datetime, formats, rest, bearcaps, microformats, webfinger, activitypub, spec, compliance, design, reference, creating, themes, css, styling, state, management, components, frontend, guide, routes, structure, dev, technical, overview, contributing, libraries, implementations, logging, obtaining, client, app, access, playing, data, getting, started, developing, roles, webhooks, database, index, corruption, troubleshooting, errors, moderation, actions, scaling, migrating, backing, upgrading, release, cli, single, sign, captcha, onion, services, object, storage, optional, full, text, from, preparing, own, official, ios, android, moving, leaving, externally, more, settings, set, promoting, yourself, others, dealing, unwanted, content, quoting, network, posting, signing, documentation,
Text of the page (random words):
security issues and responsible disclosure mastodon documentation what is mastodon using mastodon signing up for an account setting up your profile posting to your profile using the network features quoting other posts dealing with unwanted content promoting yourself and others set your preferences more settings using mastodon externally moving or leaving accounts official ios and android apps running your own server running mastodon preparing your machine installing from source configuring your environment configuring full text search installing optional features object storage onion services captcha single sign on setting up your new instance using the admin cli upgrading to a new release backing up your server migrating to a new machine scaling up your server moderation actions troubleshooting errors database index corruption webhooks roles developing mastodon apps getting started with the api playing with public data obtaining client app access logging in with an account libraries and implementations implementing quote posts implementing collections contributing to mastodon technical overview setting up a dev environment code structure routes security issues and responsible disclosure frontend guide components state management css and styling creating themes design tokens reference spec compliance activitypub webfinger security microformats oauth bearcaps rest api datetime formats guidelines and best practices oauth tokens oauth scopes rate limits api methods accounts blocks bookmarks domain_blocks endorsements favourites featured_tags filters follow_requests followed_tags mutes preferences reports suggestions tags admin accounts canonical_email_blocks dimensions domain_allows domain_blocks email_domain_blocks ip_blocks measures reports retention trends annual reports apps emails oauth async_refreshes collections grouped notifications health instance announcements custom_emojis directory trends notifications push oembed profile proofs search statuses media polls scheduled_statuses timelines conversations lists markers streaming api entities account accountwarning admin account admin canonicalemailblock admin cohort admin dimension admin domainallow admin domainblock admin emaildomainblock admin ip admin ipblock admin measure admin report announcement annualreport appeal application asyncrefresh collection collectionitem collectionwithaccounts context conversation customemoji domainblock error extendeddescription familiarfollowers featureapproval featuredtag filter filterkeyword filterresult filterstatus identityproof instance list marker mediaattachment notification notificationfallback notificationpolicy notificationrequest poll preferences previewcard previewcardauthor privacypolicy profile quote quoteapproval reaction relationship relationshipseveranceevent report role rule scheduledstatus search shallowquote shallowtag status statusedit statussource suggestion tag termsofservice token translation v1 filter v1 instance v1 notificationpolicy webpushsubscription security issues and responsible disclosure what to do if you found a serious bug if you believe you ve identified a security vulnerability in mastodon a bug that allows something to happen that shouldn t be possible you should either open a security issue on github or send the report to security joinmastodon org we do not provide a bug bounty program at the moment you should not report such issues on public github issues or in other public spaces to give us time to publish a fix for the issue without exposing mastodon s users to increased risk a vulnerability in mastodon is a vulnerability in the code distributed through our main source code repository on github vulnerabilities that are specific to a given installation e g misconfiguration should be reported to the owner of that installation and not us last updated september 29 2025 improve this page sponsored by join mastodon blog view source cc by sa 4 0 imprint
|