--- title: Security weight: 40 --- If there are vulnerabilities in composer-patches, don't hesitate to report them using [the "Report a vulnerability" form](https://github.com/cweagans/composer-configurable-plugin/security/advisories/new). Once we have either published a fix or declined to address the vulnerability for whatever reason, you are free to publicly disclose it. **Please do not disclose the vulnerability publicly until a fix is released.**