Bug Reporting and Security Guidelines
As the code develops and changes, there will always be new "features" and bugs introduced. While the developers always strive to attain perfection, mistakes and the unexpected do occur.
Diagnosing problems
Before wading in to track down a problem, it's worth consulting the FAQ and the bug reporting system to see if there are any reports of similar issues.
- Guide on tracking proftpd bugs
- How to Ask Questions the Smart Way
- All open bugs
- All bugs with a severity of 'normal' or higher
- Requested Enhancements
Reporting Security Issues
The ProFTPD Project takes a very active stance in eliminating security problems and denial of service attacks against the ProFTPD FTP server. We are firm believers in responsible full disclosure and do our best to follow RFPolicy whenever possible.
In keeping with RFPolicy, we strongly encourage folks to report security-related problems to security@proftpd.org first, before disclosing them in a public forum. We cannot accept regular bug reports or other queries at this address. Instead, we ask that you use our bug reporting system for those.
Please note that all networked servers are subject to denial of service attacks, and we cannot promise magic workarounds to generic problems or issues which are a result of the host OS. In general, our philosophy is to avoid any attacks which can cause the server to consume resources in a non-linear relationship to the size of inputs.