Reporting a Security Issue¶
Found a security issue in CuteFlow? Don’t use the mailing-list or the bug tracker. All security issues must be sent to security [at] cuteflow.org instead. Emails sent to this address are forwarded to the CuteFlow core-team private mailing-list.
For each report, we first try to confirm the vulnerability. When it is confirmed, the core-team works on a solution following these steps:
- Send an acknowledgement to the reporter;
- Work on a patch;
- Write a post describing the vulnerability, the possible exploits, and how to patch/upgrade affected applications;
- Apply the patch to all maintained versions of CuteFlow;
- Publish the post on the official CuteFlow blog.
Note
While we are working on a patch, please do not reveal the issue publicly.