If you find a security issue with Mutagen or one of its related projects, please DO NOT submit it via the issue tracker! Instead, please follow responsible disclosure practices and send information about security issues directly to [email protected] so that a proper assessment can be made and a fix prepared before a wide announcement. Please note that the @docker.com email address is correct — Docker acquired Mutagen in 2023.

Even in cases where you have limited or incomplete information, or you're not sure whether or not a problem constitutes a security issue, please make contact as soon as possible. We can work together to investigate, debug, and assess.

You may also direct questions, feedback, or suggestions about Mutagen's security policy to the same email addresses.

Your help is greatly appreciated in keeping Mutagen code secure!