Please report issues to security@fatfreecrm.com. We will work with you to understand the issue and how it can be fixed.
Please do not disclose the issue publicly until it has been resolved and released. We will give you credit for discovering the issue, once it has been patched and announced, but until then we ask that you consider the security implications of the issue you have found and the impact on others using an un-patched system.
When security advisories are released by the Fat Free CRM team, they will be announced on the Fat Free CRM users google group. If you wish to receive security announcements, you should subscribe to that group.