We take the security of our software and the churches that rely on it seriously — several of our apps handle member data and online donations.
Please do not report security issues in public GitHub issues.
Instead, report privately using GitHub's private vulnerability reporting — go to the affected repository's Security tab and click Report a vulnerability. If that is unavailable, email support@churchapps.org.
Please include:
- The affected app/repository and version or commit
- A description of the issue and its potential impact
- Steps to reproduce, if possible
We will acknowledge your report as quickly as we can, keep you updated on our progress, and credit you once a fix ships (unless you prefer to remain anonymous). Thank you for helping keep the Church safe online.