SECURITY.md

This document describes how security vulnerabilities in this project should be reported.

Support for neqo is based on the Firefox version in which it has landed.Versions of neqo incurrent versions of Firefox are actively supported.

The version of neqo that is active can be found in the Firefox repositories:

• release,
• beta, and
• trunk/central,
• ESR 115.

The listed version in these files corresponds totags on this repository.Releases do not always correspond to a branch.

We welcome reports of security vulnerabilities in any of these released versions or the latest code on themain branch.

To report a security problem with neqo, create a bug in Mozilla's Bugzilla instance in theCore :: Networking component.

IMPORTANT: For security issues, please make sure that you check the box labelled "Many users could be harmed by this security problem".We advise that you check this option for anything that involves anything security-relevant, including memory safety, crashes, race conditions, and handling of confidential information.

Review Mozilla'sguides on bug reporting before you open a bug.

Mozilla operates abug bounty program, for which this project is eligible.

There aren’t any published security advisories