Skip to content

Security: scjundev/qTox

Security

SECURITY.md

Security Policy

Supported Versions

The latest release of qTox is supported. Any security fix will be added to a new version on top of it.

Reporting a Vulnerability

Please report vulnerabilities by Tox to anthonybilinski and sudden6. If that's not an option, please email me@abilinski with GPG fingerprint 7EB3 39FE 8817 47E7 01B7 D472 EBE3 6E66 A842 9B99 and [email protected] with GPG fingerprint DA26 2CC9 3C0E 1E52 5AD2 1C85 9677 5D45 4B8E BF44.

We should get back to you within a week. If the vulnerability is qTox specific and accepted, there should be a new release addressing the vulnerability within a couple of weeks. If we disagree with the vulnerability analysis, we will answer explaining our reasoning.

If the vulnerability is related to a dependency of qTox, we will follow the disclosure policy of that project. If a fix from the project isn't imminent and it's possible, we will mitigate the issue in qTox.

There aren’t any published security advisories