Please ensure that you are using a supported version.

Distribution packages are usually outdated and full of vulnerabilities.

For a general overview, please first read security considerations as it pervades the architecture of the software.

We understand and accept that some researchers prefer full-disclosure, but we would prefer to have a heads up prior to the release of the vulnerability details.

Critical bugs are usually fixed (if reproducible) within hours, rather than days or weeks. Though making a new release does take a little bit longer. Even more so for vulnerabilities.

Please contact security@xpra.org