Cairo follows good practices of security, but 100% security cannot be assured. Cairo is provided "as is" without any warranty. Use at your own risk.

1. Reporting a Vulnerability

If there are any vulnerabilities in Cairo, don’t hesitate to report them.

  1. Use any of the private contact addresses.

  2. Describe the vulnerability.

    If you have a fix, that is most welcome -- please attach or summarize it in your message!
  3. We will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. We will contact you to let you know the outcome, and will credit you in the report.

    Please **do not disclose the vulnerability publicly** until a fix is released!
  4. Once we have either a) published a fix, or b) declined to address the vulnerability for whatever reason, you are free to publicly disclose it.