Skip to content

Security: unicode-org/icu

Security

SECURITY.md

Security Policy

If you have discovered a security vulnerability in this project, please report it privately. Do not disclose it as a public issue. This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.

Please submit the bug report as an ICU Jira issue. Be sure to set "Security level: Sensitive". This ensures the report will only be visible to the ICU team.

Please provide the following information in your report:

  • A description of the vulnerability and its impact
  • How to reproduce the issue

This project is maintained by volunteers on a reasonable-effort basis. As such, we ask that you give us 90 days to work on a fix before public exposure.

Copyright © 2023 and later Unicode, Inc. and others. All Rights Reserved. Unicode and the Unicode Logo are registered trademarks of Unicode, Inc. in the U.S. and other countries. Terms of Use and License

There aren’t any published security advisories