---
title: Security
weight: 40
---

If there are vulnerabilities in composer-patches, don't hesitate to report them
using [the "Report a vulnerability" form](https://github.com/cweagans/composer-configurable-plugin/security/advisories/new).

Once we have either published a fix or declined to address the vulnerability for whatever reason, you are free to
publicly disclose it. **Please do not disclose the vulnerability publicly until a fix is released.**