## Reporting a Vulnerability

If you have found a security vulnerability in tinc, please email
guus@tinc-vpn.org directly. You can encrypt the email using PGP if desired. We
will try to respond within 48 hours. If there is no response, try to contact us
via alternate means listed at https://www.tinc-vpn.org/contact/.

We greatly prefer to use the responsible disclosure model. After we have been
contacted about a potential vulnerability, we will do the following:

- Confirm the problem and determine the affected versions.
- Register a CVE number.
- Prepare a fix for all affected versions of tinc.
- Coordinate a release of the fix with Linux and BSD distributions.
- Disclose the vulnerability after the fix has been released and any agreed
  upon embargo period has expired.

Currently we support the 1.0.x and 1.1.x branches of tinc.

| Version | Supported |
|---------|-----------|