From ebf2b0c1fa17750a3604e7744c5cc550101cecfa Mon Sep 17 00:00:00 2001 From: Collin Date: Fri, 4 Jul 2025 00:53:37 -0500 Subject: [PATCH] Update SECURITY.md with detailed instructions for security vuln reports --- SECURITY.md | 34 +++++++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 91ef61a78..2e418029f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,9 +4,37 @@ The X11Libre project takes security seriously. If you discover any vulnerabilities, please report them responsibly. -- **Contact**: https://github.com/metux info@metux.net legendarydood@gmail.com -- **Preferred Method**: Email with detailed reproduction steps, logs, and system info -- **Public Disclosure**: Please wait until we’ve resolved the issue before making it public +### How to Report a Security Vulnerabilitiy + +Send a detailed email to one or more of the following contacts: +- info@metux.net +- legendarydood@gmail.com + +Include the following information: + +1. **Vulnerability description** + - What did you observe, and why is it a concern? + +2. **Reproduction steps** + - Clear, step-by-step instructions + - Include specific configurations or inputs required + +3. **System and environment details** + - OS version + - X11Libre version or commit hash + - Display manager, drivers, or hardware specifics + +4. **Supporting data** + - Logs (in plain text) + - Core dumps (if available and safe to share) + +5. **Impact analysis (if known)** + - Potential for remote or local exploitation + - Possible consequences (e.g. data exposure, privilege escalation, denial-of-service) + +Please allow us ample time to validate and patch the issue before disclosing it publicly. + +Feel free to privately message staff over our offical Matrix or Telegram if the issue is of extreme merit and needs an immediate solution. ## Supported Versions
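Review bot: The new "Send a detailed email to one or more of the following contacts" block asks reporters to mail logs and core dumps but names no encrypted channel, so reproduction details and memory images would be sent in plaintext. Consider listing a PGP key fingerprint for each contact or a private reporting form, and state what "safe to share" means for core dumps, since they can contain memory contents unrelated to the bug. "Please allow us ample time" sets no concrete window and no acknowledgement commitment, which leaves reporters to guess when disclosure is acceptable; a stated number of days would fix that. The Matrix/Telegram line gives no room name or handle and does not say who counts as staff, so a reporter cannot tell a legitimate contact from an impersonator. Two typos to fix before merge: "Vulnerabilitiy" in the new heading and "offical" in the last added line.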