Responsible Disclosure Policy

At Hyve5 Inc DBA Leantime, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. If you’ve discovered a vulnerability, please follow the guidelines below to report it to our security team:

Please follow these rules when testing/reporting vulnerabilities:

  • Do not take advantage of the vulnerability you have discovered, for example by downloading more data than is necessary to demonstrate the vulnerability.
  • Do not read, modify or delete data that isn’t your own.
  • We ask that you do not disclose the problem to third parties until it has been resolved.
  • The scope of the program is limited to technical vulnerabilities in the Leantime Application (accounts.leantime.io & *.leantime.io). Please do not try to test physical security, attempt phishing attacks against our employees, and so on. The website leantime.io is out of scope.
  • Out of concern for the availability of our services to all users, please do not attempt to carry out DoS attacks, leverage black hat SEO techniques, spam people, or do other similarly questionable things. We also discourage the use of any vulnerability testing tools that automatically generate significant volumes of traffic.
  • Please refrain from requesting compensation for reporting vulnerabilities. Any acknowledgments will be available via GitHub.

What we promise:

  • We will respond to your report within 3 business days with our evaluation of the report and an expected resolution date.
  • If you have followed the instructions above, we will not take any legal action against you in regard to the report.
  • We will keep you informed during all stages of resolving the problem.

We sincerely appreciate the efforts of security researchers in keeping our community safe.

The following people have responsibly disclosed vulnerabilities to us in the past:

2023
Brent Hopkins: View LinkedIn Profile
Maneesh S: View LinkedIn Profile 

2022+

Akshay Gaikwad: View LinkedIn Profile
Akshay Parse: View LinkedIn Profile
Anjali Prakash: View LinkedIn Profile
Badal Sardhara: View LinkedIn Profile
Bindiya Sardhara: View LinkedIn Profile
applefellow: View Facebook Profile
Deepesh Kumar Pandey: View LinkedIn Profile
Gourab Sadhukhan: View LinkedIn Profile
Karan Keswani: View LinkedIn Profile
Manish Kumar: View LinkedIn Profile
MIDHUN S: View LinkedIn Profile
Mohamed Kasim: View LinkedIn Profile
Mohsin khan: View LinkedIn Profile
Prashant Jadon: View LinkedIn Profile
Pritam Mukherjee: View LinkedIn Profile
PURBASHA GHOSH: View LinkedIn Profile
Ravi Pavan: View LinkedIn Profile
Rohit S. Pathak: View LinkedIn Profile
SACHIN YADAV: View LinkedIn Profile
SHOBHIT MEHTA: View LinkedIn Profile
Soundar.M: View LinkedIn Profile
Subhamoy Guha (Nat IT Solved Pvt Ltd): View LinkedIn Profile
Subramanian Ramakrishnan: View LinkedIn Profile
Sumit Sahoo: View Website

Support Leantime

Leantime is an open source project and lives and breathes through its community.

If you like Leantime and want to support us, you can start by giving us a star on GitHub or through a sponsorship.