1.5 KiB
1.5 KiB
X11Libre Security Policy
Reporting Vulnerabilities
We take security seriously in X11Libre. If you discover any vulnerabilities, please report them responsibly.
- Contact: https://github.com/metux info@metux.net legendarydood@gmail.com
- Preferred Method: Email with detailed reproduction steps, logs, and system info
- Public Disclosure: Please wait until we’ve resolved the issue before making it public
Supported Versions
| Version | Status |
|---|---|
master branch |
Supported and maintained |
| Older tags | No longer supported |
We recommend always using the latest release for performance and security fixes.
Security Best Practices (User-Side)
To help protect your systems when using x11libre:
- Use minimal privileges when running X sessions
- Avoid setuid binaries unless required
- Keep your display manager and window manager updated
- Regularly audit any X11-forwarded connections, especially over SSH
- Use sandboxing or containerization when integrating third-party extensions
Developer Guidelines
For contributors submitting PRs:
- Don’t introduce new system calls without justification
- Avoid unsafe memory operations (especially in C/C++)
- Use compile-time and runtime hardening flags
- Submit fuzzing harnesses or test vectors for complex parsing logic
We appreciate your help in keeping x11libre safe for everyone. Let’s build something resilient, secure, and libre.