mirror of
https://gitlab.freedesktop.org/libinput/libinput.git
synced 2026-06-23 00:28:30 +02:00
34 lines
1.4 KiB
Markdown
# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in libinput, please report it as a
**confidential issue** on GitLab:

https://gitlab.freedesktop.org/libinput/libinput/-/issues/new?issue[confidential]=true

Do **not** report security vulnerabilities through public issues, mailing
lists, or other public channels.

A confidential issue is only visible to the project maintainers and the
reporter. Once the issue has been resolved and a fix has been released, the
issue will be made public.

### What to Include in Your Report

To help us triage and fix the issue quickly, please provide:

* A clear description of the vulnerability and its potential impact.
* Step-by-step instructions (or a Proof of Concept script) to reproduce the issue.
* The other information that the pre-filled issue template will request.

## Our Process

We will acknowledge receipt of your report as soon as possible. Note that due
to the small team working on libinput, acknowledgement may take several days,
especially on weekends and public holidays.

Our core team will investigate the issue in the confidential thread. We will
coordinate a security release and, where applicable, request a CVE. Credit
will be given to the reporter upon public disclosure unless requested
otherwise. If you require a specific text (e.g. "John Smith on behalf of
Corporation") please provide this information in the issue.