If you believe you have found a security vulnerability in PostGIS please report it to us following the procedure below. We appreciate your efforts to disclose the issue responsibly.

To report a security issue, please email the team at security@postgis.net, which is a private maintainer-only group. The security team will reply as soon as possible to acknowledge the receipt of your message and to discuss future steps or request additional information.

For reporting non-security issues, please use the traditional channels and open a Trac ticket or use the public mailing lists:

• https://lists.osgeo.org/mailman/listinfo/postgis-users
• https://lists.osgeo.org/mailman/listinfo/postgis-devel

To help us better diagnose the issue, please include the following information (as much as you can provide):

• Current PostGIS version: SELECT postgis_full_version();.
• Current PostgreSQL version: SELECT version();.
• Step by step instructions to reproduce the issue.

Upon receiving a vulnerability report, the security team will:

• Confirm the vulnerability and the affected releases.
• Verify if there are similar problems in the code.
• Patch all releases still under maintenance and release micro versions including the fix.

Please note that issues in unsupported releases (https://trac.osgeo.org/postgis/wiki/UsersWikiPostgreSQLPostGIS) will likely not be addressed, and issues with third party dependencies need to be reported to the team maintaining them.