From jimklimov+nut at gmail.com Fri Jun 5 11:18:26 2026
From: jimklimov+nut at gmail.com (Jim Klimov)
Date: Fri, 5 Jun 2026 12:18:26 +0200
Subject: [Nut-upsdev] NUT Project Security Policy
Message-ID:

Hello all,

We have recently had more eyes (and AIs) looking at our project, uncovering a few regrettable mistakes that might or might not have security implications. They were disclosed in as reasonable a manner as possible at that time, given that we did not have any policy published about that, nor tools/channels to do so.

A wording for the reporting policy as well as an explanation of the interaction between upstream NUT (trunk sources) and releases (snapshots) and packages (someone else's work) has now been proposed at https://github.com/networkupstools/nut/pull/3470 and would be merged shortly (after CI is satisfied with spell-checks, tarballs, etc.), but contributions for future revisions are welcome.

As part of this experience, the GitHub-provided channel for such responsible reporting was unlocked under https://github.com/networkupstools/nut/security - these reports would only be visible to the reporter(s) and NUT core team, until fixed and published as a security advisory.

Hope this helps,
Jim Klimov