Please use the security issue form to report to us any security issue you find in Yii. DO NOT use the issue tracker or discuss it in the public forum as it will cause more damage than help.

Please note that as a non-commerial OpenSource project we are not able to pay bounties at the moment.

Security Issue Form

Once we receive your issue report, we will treat it as our highest priority. We will generally take the following steps in responding to security issues.

  1. Confirm the issue. We may contact with you for further discussion. We will send you an acknowledgement after the issue is confirmed.
  2. Work on a solution.
  3. Release a patch to all maintained versions.