Learn about our release and support policy for the nature of our releases and versions.
If you discover a security vulnerability, follow the steps outlined below to report it:
-
Do not publicly disclose the vulnerability before discussing it with us.
-
Report a bug at https://bugs.launchpad.net/anbox-cloud
Important: Remember to set the information type to Private Security. You will see a field with the text This bug contains information that is:
-
Provide detailed information about the vulnerability, including:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact and affected versions
- Suggested mitigation, if possible
The Ubuntu Security disclosure and embargo policy contains more information about what you can expect when you contact us and what we expect from you.
The Anbox Cloud team will be notified of the issue and review the vulnerability. We may reach out to you for further information or clarification if needed. If the issue is confirmed as a valid security vulnerability, we will assign a CVE and coordinate the release of the fix. We also document them as security notices.