Reporting a Security Issue

Found a security issue in CuteFlow? Don’t use the mailing-list or the bug tracker. All security issues must be sent to security [at] cuteflow.org instead. Emails sent to this address are forwarded to the CuteFlow core-team private mailing-list.

For each report, we first try to confirm the vulnerability. When it is confirmed, the core-team works on a solution following these steps:

  1. Send an acknowledgement to the reporter;
  2. Work on a patch;
  3. Write a post describing the vulnerability, the possible exploits, and how to patch/upgrade affected applications;
  4. Apply the patch to all maintained versions of CuteFlow;
  5. Publish the post on the official CuteFlow blog.

Note

While we are working on a patch, please do not reveal the issue publicly.