Tickets
- Reporting Bugs
- Reporting Security Issues

Tickets

Getting feedback and help from the community in the form of tickets is anextremely important part of the CakePHP development process. All of CakePHP’stickets are hosted on GitHub.

Reporting Bugs

Well written bug reports are very helpful. There are a few steps to help createthe best bug report possible:

Do: Please searchfor a similar existing ticket, and ensure someone hasn’t already reported yourissue, or that it hasn’t already been fixed in the repository.
Do: Please include detailed instructions on how to reproduce the bug.This could be in the form of a test-case or a snippet of code thatdemonstrates the issue. Not having a way to reproduce an issue means it’s lesslikely to get fixed.
Do: Please give as many details as possible about your environment: (OS,PHP version, CakePHP version).
Don’t: Please don’t use the ticket system to ask support questions. The#cakephp IRC channel on Freenode has manydevelopers available to help answer your questions. Also have a look atStack Overflow.

Reporting Security Issues

If you’ve found a security issue in CakePHP, please use the following procedureinstead of the normal bug reporting system. Instead of using the bug tracker,mailing list or IRC please send an email to security [at] cakephp.org.Emails sent to this address go to the CakePHP core team on a private mailinglist.

For each report, we try to first confirm the vulnerability. Once confirmed, theCakePHP team will take the following actions:

Acknowledge to the reporter that we’ve received the issue, and are working ona fix. We ask that the reporter keep the issue confidential until we announceit.
Get a fix/patch prepared.
Prepare a post describing the vulnerability, and the possible exploits.
Release new versions of all affected versions.
Prominently feature the problem in the release announcement.