CiviCRM's Security Working Group exists to address reported security issues regarding CiviCRM sites and data. The security working group:

  • Resolves reported security issues in a security advisory
  • Provides security releases on a predictable schedule
  • Provides documentation on writing secure code and securing websites
  • Assists in securing

Information on CiviCRM's security policy and announcements is available at

The security working group occasionally performs a security analysis of core or extension code, especially if there is a weakness that can be easily identified, but in general does not review core or extension code.

If you wish to contribute towards the security working group, please contact the security team at The security team lead is Chris Burgess.

To report a security issue, please follow the guidelines on how to report a security issue to CiviCRM.

Chris Burgess, Tim Otten

Work spaces

Related working groups

This working group is in the Development team. Browse other working groups in the Development team: