Skip to content

Security: steve-mcintyre/fwupd

Security

SECURITY.md

Security Policy

Due to the nature of what we are doing, fwupd takes security very seriously. If you have any concerns please let us know.

Supported Versions

The 1.3.x, 1.2.x and 1.1.x branches are fully supported by the upstream authors. Additionally, the 1.0.x branch is supported for security and bug fixes.

Older releases than this are unsupported by upstream but may be supported by your distributor or distribution. If you open an issue with one of these older releases the very first question from us is going to be asking if it's fixed on a supported branch. You can use the flatpak or snap packages if your distributor is unwilling to update to a supported version.

Version Supported
1.3.x ✔️
1.2.x ✔️
1.1.x ✔️
1.0.x
0.9.x
0.8.x

Reporting a Vulnerability

If you find a vulnerability in fwupd your first thing you should do is email all the maintainers, which are currently listed in the MAINTAINERS file in this repository.

Failing that, please report the issue against the fwupd component in Red Hat bugzilla, with the security checkbox set. You should get a response within 3 days. We have no bug bounty program, but we're happy to credit you in updates if this is what you would like us to do.

There aren’t any published security advisories