Hi,

To support the secure deployment of Xpra and aid downstream compliance with cybersecurity regulations (such as the Cyber Resilience Act, CIRCIA/CISA, etc.), we are setting up a restricted mailing list for advance notifications regarding security issues affecting any of the Xpra projects.

This includes the MS Windows and macOS builds, which bundle over a hundred third-party library dependencies. The SBOM (Software Bill of Materials) feature will help facilitate this effort.

At present, there are several known issues - some of which have not received adequate public attention. Some of these may still be assigned CVEs, and it is inevitable that new issues will be discovered over time.

Key points:
* the focus will be on currently supported versions (v5 and newer), though issues in older versions may also be reported.
* notifications will be sent within 48 hours of new discoveries, regardless of whether a mitigation is available.
* if applicable, a CVE will be requested around the same time.
* full disclosure of the issue will follow within 7 days.

If you would like to be added to this notification list, please send a request to: secur...@xpra.org. This service is free and open to anyone, but please provide a brief justification for your inclusion. Ideally, the list will remain small to minimize the risk of leaks and abuse.

Cheers,
Antoine
_______________________________________________
shifter-users mailing list
shifter-users@lists.devloop.org.uk
https://lists.devloop.org.uk/mailman/listinfo/shifter-users
