If you have discovered a security vulnerability in LibHaLo or the surrounding ecosystem, please don't report it using public issues. Instead, please either report a Security Advisory, or just contact project maintainers:
- Michał Leszczyński (ml@arx.sh)
- Cameron Robertson (cameron@arx.sh)
Please address all persons listed above to let us look at the security issue quicker.
Optionally, you can encrypt your security report using the following GPG keys:
-----BEGIN PGP PUBLIC KEY BLOCK-----
xjMEY5jfXBYJKwYBBAHaRw8BAQdAUTUhSRFWnnj6Bniyv6hP9YtJCo1IQFue
WfChvpKMo+PNFW1sQGFyeC5zaCA8bWxAYXJ4LnNoPsKMBBAWCgA+BQJjmN9c
BAsJBwgJEEKeZWQ1M2NtAxUICgQWAAIBAhkBAhsDAh4BFiEEWgDBeuzYQ4t8
B4dsQp5lZDUzY20AABXmAP0QFJJh+sFjidAcrbj6kS7D0ArT8JIp9h90NLld
kGnCwAEAodt6PwY6gH7jCQNUiZa6t/a5AJ98f84XES6qmbM+dgDOOARjmN9c
EgorBgEEAZdVAQUBAQdA9FT+2c5TdaQ5PiF/o+TXdR4XyavP3GicgzZdj07m
6lkDAQgHwngEGBYIACoFAmOY31wJEEKeZWQ1M2NtAhsMFiEEWgDBeuzYQ4t8
B4dsQp5lZDUzY20AAKrIAP9vhrMBRt+gXZvSmLrWJdkzHKVulV9z1IXEJ50f
4xDeCgD/aA8uMoDa/Vy1W2Ab8hq37eD7xjB2E2Y/5LNt1vD7jAw=
=phpN
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
xjMEYwXEVxYJKwYBBAHaRw8BAQdAQGM0lmDr29oNkK0668i8muI3q5Y2ns74
wecyAeNzdobNH2NhbWVyb25AYXJ4LnNoIDxjYW1lcm9uQGFyeC5zaD7CjwQQ
FgoAIAUCYwXEVwYLCQcIAwIEFQgKAgQWAgEAAhkBAhsDAh4BACEJEJytvWDH
6Q5EFiEEgHZFXXFSDxnaTHEgnK29YMfpDkQNmgEAz7nWYy+dV9EvRb2uNcWj
DZqVXcdnJIL6o497bCEENTkBAP2RAewZ0SgRicizmKZ3xizfO0k/xCkQ3jVm
mgvmRHcPwqgEEBYIAFoFAmNPPgAJENgGwa9ZeOjHFiEECoZS/l1TOGBXiZ/p
2AbBr1l46McsHG9wZW5wZ3AtY2FAcHJvdG9uLm1lIDxvcGVucGdwLWNhQHBy
b3Rvbi5tZT4FgwJ4eAYAANdRAQDHmw7wabhs3rYXeyUmRlmuGCS2qzYF6Jyj
jeIrf/EFKgD8DWarnxn607xzUYQSy6QE+yTMzNW/zGMQ0wFqP5zTfQbOOARj
BcRXEgorBgEEAZdVAQUBAQdADvll32loDOOugDxIOGR6+AnJI5/MslzX6ZvF
Vs+ePCkDAQgHwngEGBYIAAkFAmMFxFcCGwwAIQkQnK29YMfpDkQWIQSAdkVd
cVIPGdpMcSCcrb1gx+kOROCpAP4lhs6whAnjxw5N0nMBfkO3Lyvkb54n6KXf
G2IHe3TVSwD/ZzzvaDuPE/QcTTn3Z1JG9GgyeVSdm4sE/ZNm1gu+QwA=
=dy0v
-----END PGP PUBLIC KEY BLOCK-----
Project maintainers will do their best to inspect the reported security vulnerability as fast as possible. The security vulnerability might be resolved in one or more of the following ways:
- The new version of the project is released with the security issue resolved. We will do our best to notify affected parties before or after the fixed build is released.
- We will find out how to mitigate the issue with the existing versions of the project. A note will be published, describing how to mitigate the issue.
- The security issue will turn out to be impossible to fix and we will publish a note about that.
All notes mentioned above will be publicly announced after certain reasonable date set by the project maintainers. The project maintainers might notify certain entities before the note is publicly available. Per request, we will include the information about the person who discovered the vulnerability, or this information will be kept entirely private.