We value responsible disclosure. If you believe you’ve found a security issue in Spin the Web or the Webspinner labs, please email:
- security contact: security@spintheweb.org
Please include details to reproduce the issue (steps, environment, affected versions). We aim to acknowledge within 3 business days.
Security fixes are prioritized for the main branch and the latest released containers.
- Do not publicly disclose vulnerabilities before coordination
- Avoid accessing or modifying data you don’t own
- Use test accounts and minimal data when possible
- If you need to send sensitive details, request a PGP key in your initial email
Thank you for helping keep Spin the Web users safe.