Hyprland/SECURITY.md

Hyprland Development Security Policy

If you have a bug that affects the security of your system, you may want to privately disclose it instead of making it immediately public.

Supported versions

Only the most recent release on Github is supported. There are no LTS releases.

What is not a security issue

Some examples of issues that should not be reported as security issues:

• An app can execute a command when ran outside of a sandbox
• An app can write / read hyprland sockets when ran outside of a sandbox
• Crashes
• Things that are protected via permissions when the permission system is disabled

What is a security issue

Some examples of issues that should be reported as security issues:

• Sandboxed application executing arbitrary code via Hyprland
• Application being able to modify Hyprland's code on the fly
• Application being able to keylog / track user's activity beyond what the wayland protocols allow

How to report security issues

Please report your security issues via either of these channels:

• Mail: vaxry [at] vaxry [dot] net
• Matrix: @vaxry:matrix.vaxry.net
• Discord: @vaxry