The PHPHR team takes security and data protection very seriously. We appreciate the efforts of security researchers and the community in helping keep PHPHR safe and reliable.
If you discover a security vulnerability in PHPHR, please do not create a public GitHub issue.
Instead, report the vulnerability responsibly by contacting us at:
π§ info@phphr.com
Please include the following details:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Screenshots or logs (if available)
We aim to respond to all security reports within 48 hours.
Security updates are currently provided for:
| Version | Supported |
|---|---|
| v3.x | β Yes |
Older versions may not receive security updates.
We strongly recommend the following practices for all PHPHR installations:
- Use HTTPS in production environments
- Keep PHP, database, and server software updated
- Restrict file and directory permissions
- Change default administrator credentials immediately
- Perform regular database backups
Once a vulnerability is reported:
- We will acknowledge receipt of the report
- Investigate and validate the issue
- Release a fix as soon as possible
- Provide credit to the reporter (if requested)
Thank you for helping keep PHPHR secure and trusted. Your responsible disclosure helps protect the entire community.