libinput/SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in libinput, please report it as a confidential issue on GitLab:

https://gitlab.freedesktop.org/libinput/libinput/-/issues/new?issue[confidential]=true

Do not report security vulnerabilities through public issues, mailing lists, or other public channels.

A confidential issue is only visible to the project maintainers and the reporter. Once the issue has been resolved and a fix has been released, the issue will be made public.

What to Include in Your Report

To help us triage and fix the issue quickly, please provide:

  • A clear description of the vulnerability and its potential impact.
  • Step-by-step instructions (or a Proof of Concept script) to reproduce the issue.
  • The other information that the pre-filled issue template will request.

Our Process

We will acknowledge receipt of your report as soon as possible. Note that, due to the small team working on libinput, acknowledgement may take several days, especially on weekends and public holidays.

Our core team will investigate the issue in the confidential thread. We will coordinate a security release and, where applicable, request a CVE. Credit will be given to the reporter upon public disclosure unless requested otherwise. If you require a specific text (e.g. "John Smith on behalf of Corporation"), please provide this information in the issue.