If there are any vulnerabilities in RootAsRole, don't hesitate to report them.
- Send mail at mailto:[email protected]. Below is the public PGP key to encrypt your message:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGN3U8UBEADbe0Wm75Ouew0WIIveLae8tWltIEvKr7rbCse8EHpDbWlESrGu
tWo5SdIHDUu16YZyih1BrGRQ3AXnPJG/wmWP1Pz+vyMvwaHN0WWzhZS6b/24v0ai
yLAXQUQCE02haTsn5mj8aMFP2dUhMQYsEYgjPcOJYhm5udxXJeYQAeZTcUnKjrji
ECR3VErfjjW0SFsI4YkqhFpeOCcXhUR38NszpXPUZ9WcEgsvGB8N8nPqscEYQngI
Xkk0WvJhkVmJk5NlPTUyhxhuxz7h4ADuYTnmbk5gZK3HKpmDXMVz0fQik6YKUNFv
UowYA+QhLI892j62HTcBuCc8x9DB0kKTH/nuRjPYnX8tKyOPhgq9NKkOxSC4dOe9
gTogSdhVA6TZvnbpssvBSz6WPYeIm/jfJdCEMbih2CteireTuyYLMCK2zstKFnnN
GBrUVdFGdXwuxM5TJB5LotLQ/E/xxstGphGaHi+gKRLSiKV7wlFEhlgWB2l8RuWo
F9KSOTm81mqCsMF6D4+on72uJV52Tumomc4eU8ESodHAsSiR9QkZ55BnnLu+Y8Wg
b/axlTI1j2UV1ABxrqaxpb4V/z2DQNtnM/vNhuDi0maXHrUDHQRehwvTn/4mGsbA
zXUMfOrFqCnh2QXXoCUSOVlgb2quLEJ2xQqr1j01yccPY/8iOC9I/0R0vwARAQAB
tBxMZUNoYXRQIDxsZWNoYXRwQG91dGxvb2suZnI+iQJNBBMBCAA3FiEEdPQ8V3S+
HzUn3vpINcFV6gUlEE0FAmN3U8cFCQWjmoACGwMECwkIBwUVCAkKCwUWAgMBAAAK
CRA1wVXqBSUQTffYD/0Qi/WephoN7JjLEYMID2mBFfdE4Lz6uHjhSEcLAKIrEZF3
VaNQa7sTug94j9Rkjdk6/GBk3SwHTAtRiTyw+ReNOW5LH3SbUO/we7quexPhZDON
NbeJmCUX811okJL2av/52swE+MPYJNbn4BX3lWSzgN5fQZ9I/0QUm2yQnjq5vxar
vbP144GW+ni9MvFYfcYZ6hSRpEhFlbJTJsJAZS4lTxkevg5ZdoIvMo63ZJ3CHTuN
EfXmPvYxtKvo9h9ESQbMV2A++LDq4/JdBfBSQrXFJq8XL+75aQ7QkakiGp72DwTQ
ds/MtAXe/3G2tjt7b/ytcNW4C8yPYiCbYdjBkS7aKIRF1XbRsgpARdOfCKsN/9Gu
iIb/Oy2XqwLq0xTgl9wS9XldSX7sNVyM1DDRm6t1/cLWmqZCroApoIWpQX4SznRe
3QCZ44eTHq+6b+eSiQZyrqaNDyVUdmXCTrQqXiotI7qQ00Hjigv6K2MInKGaN9Dw
/nfGxBD3KJOVnTYzSTacB5vbS3NQv0nKBtg3wjaE5/l7Cq6ZQmd4SgGYX3F5wuuz
jGtBmxe7gcZJzmodBLFflSbo0OFDmERcXyUls8jSEnbzRy8OVP2C2YOvXtxoL86g
pq2pA+HJRzP6oso2EwXdE8HxBLoZ1tu2vgKv6xduEmkw14cvSeoVzrm8aWxXf7kC
DQRjd1PHARAA14voBlK6KAaQ2oz+i1e9tiEUFFn5ZXxFdS4uH30Bttidugl1Ccdy
AeTCSrG5WU/zPilttjjHG+KCBxdFGCVV+r7xYAtuVFfasKVSJyGqDZN6nI9MdKMA
s3k7t9oz8RVvKWRpnLaxElvrE+k0n38t5LWQAyVrDeBQD0k0yneVZIc6OSaqANV6
nuy4Z0LWsoC8EIfjIQ+Swx/OrhluwSMObChIh1QU6tZ+S6pp2mZl4hHlRnEA9Ivz
LOZ2nB4IQ2SJL5jo5l9wFmzEseAsQPlSDowNNdPGik2b00UWfuMdM4BYjG140og9
5FW87c0LzSYQZ66rmQqOb6c9tAMzjvaeCaaeFW8vIQP3/C1MXYiiLCFKTLg1vG9b
sasT5nQVmq9ADjXf5uFk6UNKuXf0foUK5m8FTV5uvaZebekDPRUaEcuj8HSUaoER
TIR59k5rm4Ha9/ZJTspAtv1pyCU/MwLPAWXc1e7Tl0yvnJz6s2/RB88YWd95YfN/
h3pgKk8RaGkVKFv4bns7SIT4Ni4qxI1vqx07+t2CRQQOiqd9yXehAOsssQCI/p4a
CIBjeeDxGjqpH6Nho5TlXywvzb50vez6b7P5F2iW5/owqEBn8Rz+LqUeUia9ChAT
b7AAUeXeBhSq/xC8l3+bstvmTpcjW0kWLn+yovwTJCgB/eR7xALchPsAEQEAAYkC
PAQYAQgAJhYhBHT0PFd0vh81J976SDXBVeoFJRBNBQJjd1PIBQkFo5qAAhsMAAoJ
EDXBVeoFJRBNspQQAJK0m4gw3lFv0Vj3q5nIr8HcBn6L995BQwqvVrzAP/Bjl1xH
s1YmBZoU6zydQybMP6lkh0STwXtzOlTsUxh454vrUp/CzB+Q6mJvXSCyN8gYZiqz
q4GRNFx2Qppbui6Y+aMXoCtBv410wFxdE0U7i/+ZSf4U6cOi3y34QtBkicRdfPe/
hb6pe8WAqfzdkv+20lC/aM9sPjdM9r9/KYU6JPZ2knG9T4IJHMXEoxuk/TDZgM5P
Hl8pAY2LqN4ctbEclN0Z907baLkPBQDdbr38lD2H1isXsEZZxVuk8yoFOHyv2ey0
amf60BVX/kZgAUO+8v+eMXM+TrQJlRVOj0Jk0qL5HUJZ1yfE1Dzv4OwrVdkGI5e4
HGu7UgViAT5nQE7ATn7yoH31I00CWDfD1LPXrDsQeFsSYOJdfNFao+yPAYvE8XXL
AIWocEDRE1ANDJ0rNclgpn4kUtvqbYqdWxW97Ba5+6d9dHFc4CnXHHv6WFoEFTCH
RGufVgK54ynTLWi87jPoC371KOW3abjoWcsr5m57C2cil9nimjSTID+5w5zWXHip
0hp8q7N1rChsvkmoU5ZFnF8QjmbLOM2VFIW7hnT5WfXWkSOJLjCExEQuYJEcL7YC
nfacdGU6XXuJGhgFXCP7BYVQ5e8PlUowe/92T2NSPC7ZGCW0nsa3hH9wr8Jz
=K6/W
-----END PGP PUBLIC KEY BLOCK-----
-
Describe the vulnerability.
If you have a fix, that is most welcome -- please attach or summarize it in your message!
-
We will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. We will contact you to let you know the outcome, and will credit you in the report.
Please do not disclose the vulnerability publicly until a fix is released!
-
Once we have either a) published a fix, or b) declined to address the vulnerability for whatever reason, you are free to publicly disclose it.
Here are the supported version for security updates:
| Version | Supported | End of support (DD-MM-YYYY format) |
|---|---|---|
| >=3.2.0 | ✅ | N/A |
| < 3.2.0 | 31-12-2026 | |
| < 3.0.0 | ❌ | 13-09-2024 |
Starting the version 3.2.0, we start following the Debian Long Term Support policy. As 3.2.0 is the first version packaged for Debian repository, we updated this table to support only this version and future versions.