The BeeWare Projects team is strongly committed to responsible reporting and disclosure of security-related issues. As such, we’ve adopted and follow a set of policies which conform to that ideal and are geared toward allowing us to deliver timely security updates to the official distribution of BeeWare tools, as well as to third-party distributions.

Short version: please report security issues by emailing security@beeware.org.

Most normal bugs in BeeWare are reported to our public Github issue trackers, but due to the sensitive nature of security issues, we ask that they not be publicly reported in this fashion.

Instead, if you believe you’ve found something in BeeWare which has security implications, please send a description of the issue via email to security@beeware.org. Mail sent to that address reaches the security team.

Once you’ve submitted an issue via email, you should receive an acknowledgment from a member of the security team within 48 hours, and depending on the action to be taken, you may receive further followup emails.

At present, the BeeWare team is only committed to providing security updates to the most recently released versions of our tools.