For operators

From “Guidance for Operators” in

What do I do if I am an operator and someone reports a vulnerability to me?

What will happen if a report is accidentally sent to for the operation of my Open edX instance?

  • Please let know the best email (preferably a group email, like to forward such reports to, along with your Open edX instance name, domain, and separate contact information for an individual responsible for security at your organization.

  • The Security Working Group will do their best to forward such reports to the correct organization.

How do I receive notification of the release of upcoming security patches?

  • Please watch the Open edX Discourse Security Announcements topic at . If you are logged in, select the button with a bell icon on the top right corner above the topic list and choose “Watching First Post”.

  • Discourse should send the announcements to your email that have [Open edX discussions] [Announcements/Security] in the subject line.