1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
# How to report a security issue with dqlite
If you find a security issue with dqlite, the best way to report it is using
GitHub's private vulnerability reporting. [Here][advisory] is the form to
submit a report, and [here][docs] is the detailed documentation for the GitHub
feature.
Once you submit a report, the dqlite team will work with you to figure out
whether there is a security issue. If so, we will develop a fix, get a CVE
assigned, and coordinating the release of the fix. The [Ubuntu Security
disclosure and embargo policy][policy] contains more information about what you
can expect during this phase, and what we expect from you.
[advisory]: https://github.com/canonical/dqlite/security/advisories/new
[docs]: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability
[policy]: https://ubuntu.com/security/disclosure-policy
|
