Note: this article is not intended for security researchers. If you’re a researcher, see information for security researchers.
We take security issues very seriously and want to ensure that you always feel safe when using Gravity Forms. Here are a few steps you should take if you believe you have a security issue with Gravity Forms.
Steps to take before reporting
Ensure Gravity Forms is fully updated to the latest version
First, be sure that you have the latest version of Gravity Forms. If not, you may be running an older version in which we have already patched the issue in a newer version. We strive to keep newer versions compatible with any existing implementation you have, so you should see minimal, if any issues at all, from updates.
Ensure all Gravity Forms addons are updated
Whether you are using official or third-party addons, be sure that they are all fully updated. Just as keeping Gravity Forms updated is important to your site’s health, keeping your add-ons up to date are just as important.
Submitting a security report
If you have ensured that the security issue is indeed a current one, we want to know as soon as possible.
- First, be sure to gather all information possible. This includes what has been affected, as well as the potential exploit. Providing thorough information will help us release a patch much more quickly.
- Open a ticket using our General Contact form as soon as possible. We have individuals in various locations across the world that will be able to review your concern quickly.
- We will confirm receipt of your security concern as soon as possible.