If you discover a security vulnerability, please follow the steps outlined below to report it:
- Do not publicly disclose the vulnerability before discussing it with us.
- Contact us via email at [email protected].
- Provide detailed information about the vulnerability, including:
- A description of the vulnerability.
- Steps to reproduce the issue.
- Potential impact and affected versions.
- Suggested mitigations, if possible.
The Ubuntu Security disclosure and embargo policy contains more information about what you can expect when you contact us and what we expect from you.
The Launchpad team will be notified of the issue and review the vulnerability. We may reach out to you for further information or clarification if needed. If the issue is confirmed as a valid security vulnerability, we will assign a CVE and coordinate the release of the fix.