SECURITY.md 1.7 KB
Security Policy
Reporting a Vulnerability
If you discover a security vulnerability in the Dioxus project, please report it privately and responsibly by emailing security@dioxuslabs.com. Do not report security issues publicly on GitHub or through issue trackers. We take all security reports seriously and will respond promptly.
Coordinated Vulnerability Response
When a security issue is reported, the Dioxus team prioritizes its resolution and coordinates a fix. We may work with affected users, upstream maintainers, and the original reporter to ensure a responsible and timely remediation. We use GitHub Security Advisories for secure communication and coordinated disclosure.
If you're a downstream user or maintainer and believe you're affected, you can request to join the coordination process. Please email us at security@dioxuslabs.com with your:
- Contact email
- GitHub username(s)
- Relevant project or ecosystem information
Participation is granted at the discretion of the Dioxus team.
Security Advisory Disclosures
We are committed to being transparent about security issues that affect Dioxus. Once a fix is in place, we announce advisories through:
- GitHub Release Notes.
- The RustSec Advisory Database (used by tools like
cargo-audit).
Users are encouraged to stay up to date with releases and monitor advisories relevant to their projects.