To report a security issue, please email the maintainers (see AUTHORS) with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.

Our vulnerability management team will respond within 5 working days of your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.

Security updates are only provided for the latest version of liblouis.

Security problems that originate from loading of liblouis tables are not really considered a security problem, as typically tables are not loaded from untrusted sources.

On the other hand, issues found in the translation code, which deals with untrusted input, are indeed critical and need to be reported.

Hence, issues reported by fuzz_translate and fuzz_translate_generic are most likely critical and we'd appreciate reports. Issues reported by table_fuzzer are not critical and have lower priority.