If you believe you have found a security vulnerability in an Ericsson-managed repository, please report it to us as described below.
Please do not open a public issue, pull request, or discussion for a security problem.
Instead, use the "Report a vulnerability" button on this repository's Security tab. This keeps the report private, lets us collaborate with you on a draft advisory, and supports private patch development.
- Affected project, component, and version(s)
- Environment (OS, architecture, platform, configuration)
- Reproduction steps; proof-of-concept or screenshots if available
- Impact and how the issue could be exploited
- Any embargo/disclosure timing you would like us to honor
- Whether and how you wish to be credited
The default policy for projects hosted on Ericsson's GitHub organization is to support security updates for the latest release. Some projects may have a different policy in place, as described in their dedicated SECURITY.MD file.