A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

# This site is running a Forgejo instance.
# Forgejo-related security problems should be reported to the Forgejo security team.
# Security problems related to this instance should be reported to its administration.
Policy: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CONTRIBUTING.md
Contact: mailto:security@forgejo.org
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/1B638BDF10969D627926B8D9F585D0F99E1FB56F
Preferred-Languages: en
Expires: 2025-06-25T00:00:00Z