-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
1 changed file
with
6 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -9,12 +9,15 @@ To report a security issue, please use one of the following methods: | |
| - [@droidmonkey_kpxc](https://matrix.to/#/@droidmonkey_kpxc:matrix.org) | ||
| - [@varjolintu](https://matrix.to/#/@varjolintu:matrix.org) | ||
| - [@phoerious](https://matrix.to/#/@phoerious:matrix.org) | ||
| - **Send an Email:** Send your report to [email protected]. We recommend encrypting the email if possible. | ||
|
|
||
| Please **do not** use public channels (e.g., GitHub issues) for initial reporting of bona fide security vulnerabilities. | ||
|
|
||
| Please **do not** use public channels (e.g., GitHub issues) for reporting security vulnerabilities. | ||
| Once you report a security issue, our team will respond with the next steps. After our initial reply, we will keep you informed of the progress towards a fix and full announcement. We may ask for additional information or guidance during this process. If we disagree that your report constitutes a genuine security vulnerability, we will inform you and close the report. Your report may be turned into an issue for further tracking. | ||
|
|
||
| Once you report a security issue, our team will respond with the next steps. After our initial reply, we will keep you informed of the progress towards a fix and full announcement. We may ask for additional information or guidance during this process. | ||
| Please DO NOT submit a report to a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) prior to confirming the security vulnerability with the KeePassXC Team. If we do not respond to your report within 30 days then this restriction no longer applies. | ||
|
|
||
| If you discover vulnerabilities in third-party modules used by KeePassXC, please report them to the maintainers of the respective modules. If the vulnerability impacts KeePassXC directly, we encourage you to notify us using the above methods. | ||
| If you discover vulnerabilities in third-party modules used by KeePassXC, please report them to the maintainers of the respective modules. If the vulnerability impacts KeePassXC directly, we encourage you to notify us using the above methods. We will validate if the vulnerability is exploitable from KeePassXC code; please note that not all vulnerabilities are actually exploitable and do not constitute an immediate concern for the KeePassXC application. | ||
|
|
||
| For other inquiries (e.g., developer questions, user questions), please use the public channels on Matrix: | ||
| - **User's Channel:** [#keepassxc:mozilla.org](https://matrix.to/#/#keepassxc:mozilla.org) | ||
|
|
||