Skip to content

Security: vta/ImageMagick

Security

SECURITY.md

Security Policy

ImageMagick recommended practices strongly encourages you to configure a security policy that suits your local environment.

Supported Versions

We encourage users to upgrade to the latest ImageMagick release to ensure that all known security vulnerabilities are addressed. On request, we can backport a vulnerability to other ImageMagick versions.

Reporting a Vulnerability

Post any vulnerability as an issue. Or you can post privately to the ImageMagick development team. Most vulnerabilities are fixed within 48 hours.

In addition, request a CVE. We rely on you to post CVE's so our development team can concentrate on delivering a robust security patch.

There aren’t any published security advisories