<!DOCTYPE html> <html lang="en" class="js csstransforms3d"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="generator" content="Hugo 0.80.0" /> <!-- Hugo: 2025-04-03T16:01:28 &#43;0000 - Job: n/a 2025-04-03T16:00:25 &#43;0000 - Commit: 8400662befb32a2e9d13fb54769492065ef83666 - production //--> <meta name="description" content="Pidgin is a universal chat client, allowing you to consolidate all your different messaging apps into a single tool."> <meta property="og:title" content="Security" /> <meta property="og:description" content="Pidgin is a universal chat client, allowing you to consolidate all your different messaging apps into a single tool." /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://pidgin.im/about/security/" /> <meta property="og:image" content="https://pidgin.im/images/pidgin-circle-256.png" /> <meta property="og:updated_time" content="2022-04-28T10:40:22+00:00" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:image" content="https://pidgin.im/images/pidgin-circle-256.png" /> <meta name="twitter:title" content="Security" /> <meta name="twitter:description" content="Pidgin is a universal chat client, allowing you to consolidate all your different messaging apps into a single tool." /> <link rel="shortcut icon" href="/favicon/favicon.ico"> <link rel="icon" sizes="16x16 32x32 64x64" href="/favicon/favicon.ico"> <link rel="icon" type="image/png" sizes="196x196" href="/favicon/favicon-192.png"> <link rel="icon" type="image/png" sizes="160x160" href="/favicon/favicon-160.png"> <link rel="icon" type="image/png" sizes="96x96" href="/favicon/favicon-96.png"> <link rel="icon" type="image/png" sizes="64x64" href="/favicon/favicon-64.png"> <link rel="icon" type="image/png" sizes="32x32" href="/favicon/favicon-32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/favicon/favicon-16.png"> <link rel="apple-touch-icon" href="/favicon/favicon-57.png"> <link rel="apple-touch-icon" sizes="114x114" href="/favicon/favicon-114.png"> <link rel="apple-touch-icon" sizes="72x72" href="/favicon/favicon-72.png"> <link rel="apple-touch-icon" sizes="144x144" href="/favicon/favicon-144.png"> <link rel="apple-touch-icon" sizes="60x60" href="/favicon/favicon-60.png"> <link rel="apple-touch-icon" sizes="120x120" href="/favicon/favicon-120.png"> <link rel="apple-touch-icon" sizes="76x76" href="/favicon/favicon-76.png"> <link rel="apple-touch-icon" sizes="152x152" href="/favicon/favicon-152.png"> <link rel="apple-touch-icon" sizes="180x180" href="/favicon/favicon-180.png"> <meta name="msapplication-TileColor" content="#8451A1"> <meta name="msapplication-TileImage" content="/favicon/favicon-144.png"> <meta name="msapplication-config" content="favicon/browserconfig.xml"> <title>Security :: Pidgin, the universal chat client</title> <link href="/css/nucleus.css?1743696088" rel="stylesheet"> <link href="/css/fontawesome-all.min.css?1743696088" rel="stylesheet"> <link href="/css/hybrid.css?1743696088" rel="stylesheet"> <link href="/css/featherlight.min.css?1743696088" rel="stylesheet"> <link href="/css/perfect-scrollbar.min.css?1743696088" rel="stylesheet"> <link href="/css/auto-complete.css?1743696088" rel="stylesheet"> <link href="/css/atom-one-dark-reasonable.css?1743696088" rel="stylesheet"> <link href="/css/theme.css?1743696088" rel="stylesheet"> <link href="/css/hugo-theme.css?1743696088" rel="stylesheet"> <link href="/css/theme-pidgin.css?1743696088" rel="stylesheet"> <link href="/css/custom.css?1743696088" rel="stylesheet"> <script src="/js/jquery-3.3.1.min.js?1743696088"></script> <style> :root #header + #content > #left > #rlblock_left{ display:none !important; } </style> </head> <body class="" data-url="/about/security/"> <nav id="sidebar" class=""> <div id="header-wrapper"> <div id="header"> <a href="/"><img src="/images/logo.png" alt="pidgin logo"></a> </div> <div class="searchbox"> <label for="search-by"><i class="fas fa-search"></i></label> <input data-search-input id="search-by" type="search" placeholder="Search..."> <span data-search-clear=""><i class="fas fa-times"></i></span> </div> <script type="text/javascript" src="/js/lunr.min.js?1743696088"></script> <script type="text/javascript" src="/js/auto-complete.js?1743696088"></script> <script type="text/javascript"> var baseurl = "https:\/\/pidgin.im\/"; </script> <script type="text/javascript" src="/js/search.js?1743696088"></script> </div> <div class="highlightable"> <ul class="topics"> <li data-nav-id="/install/" title="Install" class="dd-item "> <a href="/install/"> Install </a> </li> <li data-nav-id="/plugins/" title="Plugins" class="dd-item "> <a href="/plugins/"> Plugins </a> </li> <li data-nav-id="/about/" title="About" class="dd-item parent "> <a href="/about/"> About </a> <ul> <li data-nav-id="/about/pidginchat/" title="Pidgin Chat" class="dd-item "> <a href="/about/pidginchat/"> Pidgin Chat </a> </li> <li data-nav-id="/about/philosophy/" title="Philosophy and Goals" class="dd-item "> <a href="/about/philosophy/"> Philosophy and Goals </a> </li> <li data-nav-id="/about/supported-languages/" title="Supported Languages" class="dd-item "> <a href="/about/supported-languages/"> Supported Languages </a> </li> <li data-nav-id="/about/security/" title="Security" class="dd-item parent active "> <a href="/about/security/"> Security </a> <ul> <li data-nav-id="/about/security/advisories/" title="Advisories" class="dd-item "> <a href="/about/security/advisories/"> Advisories </a> <ul> <li data-nav-id="/about/security/advisories/cve-2022-26491/" title="cve-2022-26491-00" class="dd-item "> <a href="/about/security/advisories/cve-2022-26491/"> cve-2022-26491-00 </a> </li> </ul> </li> </ul> </li> </ul> </li> <li data-nav-id="/help/" title="Help" class="dd-item "> <a href="/help/"> Help </a> <ul> <li data-nav-id="/help/protocols/" title="Services (Protocols)" class="dd-item "> <a href="/help/protocols/"> Services (Protocols) </a> <ul> <li data-nav-id="/help/protocols/bonjour/" title="Bonjour" class="dd-item "> <a href="/help/protocols/bonjour/"> Bonjour </a> </li> <li data-nav-id="/help/protocols/gadugadu/" title="Gadu-Gadu" class="dd-item "> <a href="/help/protocols/gadugadu/"> Gadu-Gadu </a> </li> <li data-nav-id="/help/protocols/groupwise/" title="GroupWise" class="dd-item "> <a href="/help/protocols/groupwise/"> GroupWise </a> </li> <li data-nav-id="/help/protocols/irc/" title="IRC" class="dd-item "> <a href="/help/protocols/irc/"> IRC </a> </li> <li data-nav-id="/help/protocols/sametime/" title="Sametime" class="dd-item "> <a href="/help/protocols/sametime/"> Sametime </a> </li> <li data-nav-id="/help/protocols/silc/" title="SILC" class="dd-item "> <a href="/help/protocols/silc/"> SILC </a> </li> <li data-nav-id="/help/protocols/xmpp/" title="XMPP (Jabber)" class="dd-item "> <a href="/help/protocols/xmpp/"> XMPP (Jabber) </a> <ul> <li data-nav-id="/help/protocols/xmpp/supportedxep/" title="Supported XEP&#39;s" class="dd-item "> <a href="/help/protocols/xmpp/supportedxep/"> Supported XEP&#39;s </a> </li> </ul> </li> <li data-nav-id="/help/protocols/zephyr/" title="Zephyr" class="dd-item "> <a href="/help/protocols/zephyr/"> Zephyr </a> </li> <li data-nav-id="/help/protocols/otherprotocols/" title="Other Protocols" class="dd-item "> <a href="/help/protocols/otherprotocols/"> Other Protocols </a> </li> </ul> </li> <li data-nav-id="/help/theming/" title="Theming Pidgin" class="dd-item "> <a href="/help/theming/"> Theming Pidgin </a> </li> <li data-nav-id="/help/windows/" title="Windows-Specific Questions" class="dd-item "> <a href="/help/windows/"> Windows-Specific Questions </a> </li> </ul> </li> <li data-nav-id="/development/" title="Development" class="dd-item "> <a href="/development/"> Development </a> <ul> <li data-nav-id="/development/building/" title="Building" class="dd-item "> <a href="/development/building/"> Building </a> <ul> <li data-nav-id="/development/building/3.0.0/" title="3.0.0" class="dd-item "> <a href="/development/building/3.0.0/"> 3.0.0 </a> </li> <li data-nav-id="/development/building/2.x.y/" title="2.x.y" class="dd-item "> <a href="/development/building/2.x.y/"> 2.x.y </a> <ul> <li data-nav-id="/development/building/2.x.y/windows/" title="Windows" class="dd-item "> <a href="/development/building/2.x.y/windows/"> Windows </a> </li> </ul> </li> </ul> </li> <li data-nav-id="/development/contributing/" title="Contributing" class="dd-item "> <a href="/development/contributing/"> Contributing </a> </li> <li data-nav-id="/development/gsoc/" title="Google Summer of Code" class="dd-item "> <a href="/development/gsoc/"> Google Summer of Code </a> <ul> <li data-nav-id="/development/gsoc/instructions/" title="GSoC Instructions" class="dd-item "> <a href="/development/gsoc/instructions/"> GSoC Instructions </a> </li> <li data-nav-id="/development/gsoc/ideas/" title="GSoC Ideas" class="dd-item "> <a href="/development/gsoc/ideas/"> GSoC Ideas </a> </li> </ul> </li> <li data-nav-id="/development/debugging/" title="Debugging" class="dd-item "> <a href="/development/debugging/"> Debugging </a> </li> <li data-nav-id="/development/voice-and-video/" title="Voice and Video" class="dd-item "> <a href="/development/voice-and-video/"> Voice and Video </a> <ul> <li data-nav-id="/development/voice-and-video/voice-and-video-api/" title="Voice and Video API" class="dd-item "> <a href="/development/voice-and-video/voice-and-video-api/"> Voice and Video API </a> </li> </ul> </li> <li data-nav-id="/development/i18n/" title="Internationalization" class="dd-item "> <a href="/development/i18n/"> Internationalization </a> </li> <li data-nav-id="/development/release-process/" title="Release Process" class="dd-item "> <a href="/development/release-process/"> Release Process </a> </li> <li data-nav-id="/development/faq/" title="FAQ" class="dd-item "> <a href="/development/faq/"> FAQ </a> </li> <li data-nav-id="/development/design-guidelines/" title="Design Guidelines" class="dd-item "> <a href="/development/design-guidelines/"> Design Guidelines </a> </li> </ul> </li> <li data-nav-id="/contact/" title="Contact" class="dd-item "> <a href="/contact/"> Contact </a> </li> <li data-nav-id="/post/" title="Blog" class="dd-item "> <a href="/post/"> Blog </a> <ul> <li data-nav-id="/posts/2024-08-malicious-plugin/" title="Malicious Plugin" class="dd-item "> <a href="/posts/2024-08-malicious-plugin/"> Malicious Plugin </a> </li> <li data-nav-id="/posts/2024-02-2.14.13-released/" title="2.14.13 Released!" class="dd-item "> <a href="/posts/2024-02-2.14.13-released/"> 2.14.13 Released! </a> </li> <li data-nav-id="/posts/2024-02-state-of-the-bird-2023-q4/" title="State of the Bird 2023 Q4" class="dd-item "> <a href="/posts/2024-02-state-of-the-bird-2023-q4/"> State of the Bird 2023 Q4 </a> </li> <li data-nav-id="/posts/2023-11-state-of-the-bird-2023-q3/" title="State of the Bird 2023 Q3" class="dd-item "> <a href="/posts/2023-11-state-of-the-bird-2023-q3/"> State of the Bird 2023 Q3 </a> </li> <li data-nav-id="/posts/2023-08-facebook-republished/" title="Facebook Republished" class="dd-item "> <a href="/posts/2023-08-facebook-republished/"> Facebook Republished </a> </li> <li data-nav-id="/posts/2023-08-facebook-takedown/" title="Facebook Takedown" class="dd-item "> <a href="/posts/2023-08-facebook-takedown/"> Facebook Takedown </a> </li> <li data-nav-id="/posts/2023-07-state-of-the-bird-2023-q2/" title="State of the Bird 2023 Q2" class="dd-item "> <a href="/posts/2023-07-state-of-the-bird-2023-q2/"> State of the Bird 2023 Q2 </a> </li> <li data-nav-id="/posts/2023-01-state-of-the-bird-2022-q4/" title="State of the Bird 2022 Q4" class="dd-item "> <a href="/posts/2023-01-state-of-the-bird-2022-q4/"> State of the Bird 2022 Q4 </a> </li> <li data-nav-id="/posts/2022-12-2.14.12-released/" title="2.14.12 Released!" class="dd-item "> <a href="/posts/2022-12-2.14.12-released/"> 2.14.12 Released! </a> </li> <li data-nav-id="/posts/2022-10-state-of-the-bird-2022-q3/" title="State of the Bird 2022 Q3" class="dd-item "> <a href="/posts/2022-10-state-of-the-bird-2022-q3/"> State of the Bird 2022 Q3 </a> </li> <li data-nav-id="/posts/2022-09-digitalocean-sponsorship-renewed/" title="DigitalOcean Sponsorship Renewed" class="dd-item "> <a href="/posts/2022-09-digitalocean-sponsorship-renewed/"> DigitalOcean Sponsorship Renewed </a> </li> <li data-nav-id="/posts/2022-07-state-of-the-bird-2022-q2/" title="State of the Bird 2022 Q2" class="dd-item "> <a href="/posts/2022-07-state-of-the-bird-2022-q2/"> State of the Bird 2022 Q2 </a> </li> <li data-nav-id="/posts/2022-06-2.14.10-released/" title="2.14.10 Released!" class="dd-item "> <a href="/posts/2022-06-2.14.10-released/"> 2.14.10 Released! </a> </li> <li data-nav-id="/posts/2022-05-google-talk-shutdown/" title="Google Talk Shutdown" class="dd-item "> <a href="/posts/2022-05-google-talk-shutdown/"> Google Talk Shutdown </a> </li> <li data-nav-id="/posts/2022-04-2.14.9-released/" title="2.14.9 Released!" class="dd-item "> <a href="/posts/2022-04-2.14.9-released/"> 2.14.9 Released! </a> </li> <li data-nav-id="/posts/2022-04-state-of-the-bird-2022-q1/" title="State of the Bird 2022 Q1" class="dd-item "> <a href="/posts/2022-04-state-of-the-bird-2022-q1/"> State of the Bird 2022 Q1 </a> </li> <li data-nav-id="/posts/2022-02-libera-wallops/" title="Libera Wallops" class="dd-item "> <a href="/posts/2022-02-libera-wallops/"> Libera Wallops </a> </li> <li data-nav-id="/posts/2022-01-state-of-the-bird-2021-q4/" title="State of the Bird 2021 Q4" class="dd-item "> <a href="/posts/2022-01-state-of-the-bird-2021-q4/"> State of the Bird 2021 Q4 </a> </li> <li data-nav-id="/posts/2021-10-2.14.8-released/" title="2.14.8 Released!" class="dd-item "> <a href="/posts/2021-10-2.14.8-released/"> 2.14.8 Released! </a> </li> <li data-nav-id="/posts/2021-10-state-of-the-bird-2021-q3/" title="State of the Bird 2021 Q3" class="dd-item "> <a href="/posts/2021-10-state-of-the-bird-2021-q3/"> State of the Bird 2021 Q3 </a> </li> <li data-nav-id="/posts/2021-09-2.14.7-released/" title="2.14.7 Released!" class="dd-item "> <a href="/posts/2021-09-2.14.7-released/"> 2.14.7 Released! </a> </li> <li data-nav-id="/posts/2021-09-gsoc-2021-retrospective/" title="GSoC 2021 Retrospective" class="dd-item "> <a href="/posts/2021-09-gsoc-2021-retrospective/"> GSoC 2021 Retrospective </a> </li> <li data-nav-id="/posts/2021-07-2.14.6-released/" title="2.14.6 Released!" class="dd-item "> <a href="/posts/2021-07-2.14.6-released/"> 2.14.6 Released! </a> </li> <li data-nav-id="/posts/2021-06-irc-network-changes/" title="IRC Network Changes" class="dd-item "> <a href="/posts/2021-06-irc-network-changes/"> IRC Network Changes </a> </li> <li data-nav-id="/posts/2021-06-pidgin3-development-scripts/" title="Pidgin3 Development Scripts" class="dd-item "> <a href="/posts/2021-06-pidgin3-development-scripts/"> Pidgin3 Development Scripts </a> </li> <li data-nav-id="/posts/2021-06-hgkeeper-and-mercurial-5.8-issue/" title="HGKeeper and Mercurial 5.8 Issue" class="dd-item "> <a href="/posts/2021-06-hgkeeper-and-mercurial-5.8-issue/"> HGKeeper and Mercurial 5.8 Issue </a> </li> <li data-nav-id="/posts/2021-06-2.14.5-released/" title="2.14.5 Released!" class="dd-item "> <a href="/posts/2021-06-2.14.5-released/"> 2.14.5 Released! </a> </li> <li data-nav-id="/posts/2021-05-gsoc-2021/" title="Gsoc 2021" class="dd-item "> <a href="/posts/2021-05-gsoc-2021/"> Gsoc 2021 </a> </li> <li data-nav-id="/posts/2021-05-thank-you-steadfast/" title="Thank You, Steadfast" class="dd-item "> <a href="/posts/2021-05-thank-you-steadfast/"> Thank You, Steadfast </a> </li> <li data-nav-id="/posts/2021-05-digitalocean-sponsorship/" title="DigitalOcean Sponsorship" class="dd-item "> <a href="/posts/2021-05-digitalocean-sponsorship/"> DigitalOcean Sponsorship </a> </li> <li data-nav-id="/posts/2021-04-2.14.4-released/" title="2.14.4 Released!" class="dd-item "> <a href="/posts/2021-04-2.14.4-released/"> 2.14.4 Released! </a> </li> <li data-nav-id="/posts/2021-04-2.14.3-released/" title="2.14.3 Released!" class="dd-item "> <a href="/posts/2021-04-2.14.3-released/"> 2.14.3 Released! </a> </li> <li data-nav-id="/posts/2021-04-2.14.2-released/" title="2.14.2 Released!" class="dd-item "> <a href="/posts/2021-04-2.14.2-released/"> 2.14.2 Released! </a> </li> <li data-nav-id="/posts/2021-03-pidginchat/" title="Pidginchat" class="dd-item "> <a href="/posts/2021-03-pidginchat/"> Pidginchat </a> </li> <li data-nav-id="/posts/2021-02-libgnt-2.14.1-released/" title="libgnt 2.14.1 Released" class="dd-item "> <a href="/posts/2021-02-libgnt-2.14.1-released/"> libgnt 2.14.1 Released </a> </li> <li data-nav-id="/posts/2021-02-bintray-sunsetting/" title="Bintray Sunsetting" class="dd-item "> <a href="/posts/2021-02-bintray-sunsetting/"> Bintray Sunsetting </a> </li> <li data-nav-id="/posts/2020-06-2.14.1-released/" title="2.14.1 Released!" class="dd-item "> <a href="/posts/2020-06-2.14.1-released/"> 2.14.1 Released! </a> </li> <li data-nav-id="/posts/2020-06-2.14.0-released/" title="2.14.0 Released!" class="dd-item "> <a href="/posts/2020-06-2.14.0-released/"> 2.14.0 Released! </a> </li> <li data-nav-id="/posts/2020-01-nest-launch/" title="Nest Launch" class="dd-item "> <a href="/posts/2020-01-nest-launch/"> Nest Launch </a> </li> </ul> </li> </ul> <section id="shortcuts"> <h3></h3> <ul> <li> <a class="padding" href="https://issues.imfreedom.org/issues/PIDGIN"><i class='fas fa-fw fa-tasks'></i> Issue Tracker</a> </li> <li> <a class="padding" href="https://keep.imfreedom.org/pidgin/"><i class='fas fa-fw fa-code'></i> Repositories</a> </li> <li> <a class="padding" href="https://shop.spreadshirt.com/imfreedom"><i class='fas fa-fw fa-tshirt'></i> Merchandise</a> </li> <li> <a class="padding" rel=me href="https://fosstodon.org/@pidgin"><i class='fab fa-fw fa-mastodon'></i> Mastodon</a> </li> </ul> </section> <section id="prefooter"> <hr /> <ul> <li> <a class="padding"> <i class="fas fa-language fa-fw"></i> <div class="select-style"> <select id="select-language" onchange="location = this.value;"> <option id="en" value="https://pidgin.im/about/security/" selected>English (US)</option> </select> <svg version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="255px" height="255px" viewBox="0 0 255 255" style="enable-background:new 0 0 255 255;" xml:space="preserve"> <g> <g id="arrow-drop-down"> <polygon points="0,63.75 127.5,191.25 255,63.75 " /> </g> </g> </svg> </div> </a> </li> </ul> </section> <section id="footer"> <a href="https://imfreedom.org/donate" class="donate-button"> <i class="fas fa-heart"></i> Donate </a> </section> </div> </nav> <section id="body"> <div id="overlay"></div> <div class="padding highlightable"> <div> <div id="top-bar"> <div id="top-github-link"> <a class="github-link" title='Edit this page' href="https://keep.imfreedom.org/pidgin/nest/file/default/hugo/content/about/security/_index.md" target="blank"> <i class="fas fa-code-branch"></i> <span id="top-github-link-text">Edit this page</span> </a> </div> <div id="breadcrumbs" itemscope="" itemtype="http://data-vocabulary.org/Breadcrumb"> <span id="sidebar-toggle-span"> <a href="#" id="sidebar-toggle" data-sidebar-toggle=""> <i class="fas fa-bars"></i> </a> </span> <span id="toc-menu"><i class="fas fa-list-alt"></i></span> <span class="links"> <a href='/'>Pidgin</a> > <a href='/about/'>About</a> > Security </span> </div> <div class="progress"> <div class="wrapper"> <nav id="TableOfContents"> <ul> <li><a href="#reporting-a-security-related-issue">Reporting a Security-related Issue</a></li> <li><a href="#receiving-security-related-reports">Receiving Security-related Reports</a></li> </ul> </nav> </div> </div> </div> </div> <div id="head-tags"> </div> <div id="body-inner"> <h1> Security </h1> <p>Being a network client which interacts with untrusted users and servers, managing vulnerabilities and security response is important to the Pidgin project and to our users. We have established procedures for collecting security-related information, and for disclosing this information to the public.</p> <p>Please see our comprehensive <a href="/about/security/advisories/">list of known and reported security advisories</a> for information on past vulnerabilities.</p> <h2 id="reporting-a-security-related-issue">Reporting a Security-related Issue</h2> <p>If you believe you have discovered a security problem or vulnerability in Pidgin, libpurple, Finch, or one of our related projects, please let us know by using one of the following methods:</p> <ul> <li><strong>Our preferred way:</strong> Emailing <a href="mailto:security@pidgin.im">security@pidgin.im</a>. If you choose this method and would like to encrypt the contents of your email, you may use the <a href="https://pidgin.im/pgp-pubkey/grim-pubkey.asc">pgp key of our lead developer</a>.</li> <li>Use this specific <a href="https://issues.imfreedom.org/newIssue?project=PIDGIN&amp;c=visible%20to%20Pidgin%20Developers">new issue</a> link, which will create a new issue in our issue tracker while ensuring that its visibility is set so that it&rsquo;s only visible to the <code>Pidgin Developers</code> team. The visibility selection we are referring to can be verified by looking for it right above the <em>Create</em> button. Setting a limited visibility is of <em>utmost</em> importance as otherwise we&rsquo;d need to consider the vulnerability to have been made public since everyone could read it from our issue tracker.</li> </ul> <p>In order to help us fix the problem as quickly as possible and with as little exposure to malicious intent to our users as can be managed, we ask that you give us a chance to fix the problem before you publish its existence or details in a public forum, and that you provide us with as much information as you can. In return, we will endeavor to respond to your concerns in a timely fashion. When reporting a security-related bug or a vulnerability, please provide us with as much of the information in the following list as possible. If you don&rsquo;t know what something is or how to provide it, that&rsquo;s OK, leave it out and tell us what you do know.</p> <ul> <li>A way to contact you or your organization.</li> <li>The version of Pidgin, libpurple, Finch, or other package in which the problem was discovered.</li> <li>A concise description of the problem, including a summary of why you believe it is security-critical. This might be, for example, &ldquo;Receipt of an invalid XMPP message containing the tag <code>&lt;foo&gt;</code>; causes Pidgin to write data to an invalid memory location.&rdquo;</li> <li>Steps to reproduce the problem, if known.</li> <li>Any debugging information, including backtraces (see our instructions for <a href="/development/debugging/#obtaining-a-backtrace">obtaining a backtrace</a>, a debug log (the output of <code>pidgin --debug</code>), etc.</li> <li>Any proof of concept exploits, debugging tools, or other information you have and are willing to divulge.</li> <li>The oldest and newest versions of our software affected by the bug <em>to the best of your knowledge</em>. If you don&rsquo;t know, that&rsquo;s fine — we&rsquo;ll try to find out.</li> <li>Information on any security reports or vulnerability assessments you may have already made on the issue (preferably not yet public, as mentioned above).</li> <li>Any proposed embargo dates, release schedules, etc. you or your organization may have established.</li> </ul> <h2 id="receiving-security-related-reports">Receiving Security-related Reports</h2> <p>We maintain a list of packagers and maintainers of Pidgin and related software which we notify of security vulnerabilities and their fixes prior to disclosure to the public. This allows packagers and distributors of our software to release patched or updated versions simultaneously with the public disclosure of known issues. We attempt to provide sufficient advance warning to this list that packages may be properly prepared before disclosure.</p> <p>If you believe you should be on this list, please contact <a href="mailto:security@pidgin.im">security@pidgin.im</a> and let us know why.</p> <footer class=" footline"> </footer> </div> </div> <div id="navigation"> </div> </section> <div style="left: -1000px; overflow: scroll; position: absolute; top: -1000px; border: none; box-sizing: content-box; height: 200px; margin: 0px; padding: 0px; width: 200px;"> <div style="border: none; box-sizing: content-box; height: 200px; margin: 0px; padding: 0px; width: 200px;"></div> </div> <script src="/js/clipboard.min.js?1743696088"></script> <script src="/js/perfect-scrollbar.min.js?1743696088"></script> <script src="/js/perfect-scrollbar.jquery.min.js?1743696088"></script> <script src="/js/jquery.sticky.js?1743696088"></script> <script src="/js/featherlight.min.js?1743696088"></script> <script src="/js/highlight.pack.js?1743696088"></script> <script> hljs.initHighlightingOnLoad(); </script> <script src="/js/modernizr.custom-3.6.0.js?1743696088"></script> <script src="/js/learn.js?1743696088"></script> <script src="/js/hugo-learn.js?1743696088"></script> <link href="/mermaid/mermaid.css?1743696088" rel="stylesheet" /> <script src="/mermaid/mermaid.js?1743696088"></script> <script> mermaid.initialize({ startOnLoad: true }); </script> <footer id="footline"> <div class="footline-block"> Modified 2022-04-28 </div> <div class="footline-block footline-old-site-info"> To see content from the old wiki visit a <a href="https://old.pidgin.im" rel="nofollow"> old.pidgin.im </a> </div> <ul class="footline-block footline-columns"> <li> <a href="https://issues.imfreedom.org/issues/PIDGIN"><i class='fas fa-fw fa-tasks'></i> Issue Tracker</a> </li> <li> <a href="https://keep.imfreedom.org/pidgin/"><i class='fas fa-fw fa-code'></i> Repositories</a> </li> <li> <a href="https://shop.spreadshirt.com/imfreedom"><i class='fas fa-fw fa-tshirt'></i> Merchandise</a> </li> <li> <a href="https://fosstodon.org/@pidgin"><i class='fab fa-fw fa-mastodon'></i> Mastodon</a> </li> </ul> <div class="footline-block"> <section class="supporters"> <b>Our Supporters</b> <div> <a href="https://www.digitalocean.com/?refcode=b69e5dddf595&amp;utm_campaign=Referral_Invite&amp;utm_medium=Referral_Program&amp;utm_source=badge"> <img src="/images/badges/DO_Logo_horizontal_black.svg" alt="DigitalOcean" /> </a> <a href="https://sourceforge.net"> <img src="/images/badges/source-forge-logo.svg" alt="SourceForge" style="min-width:190px" /> </a> </div> </section> </div> <ul class="footline-block footline-columns copyright-text"> <li> &copy; Pidgin </li> <li> Content - GPL3 </li> <li> <a href="https://github.com/matcornic/hugo-theme-learn">Theme</a> - MIT </li> </ul> </footer> <script src="/js/js.cookie.min.js"></script> <div style="display:none;"> <div class="notices tip notification-bar"> <p> <span class="alert-bar-close-button"><i class="fas fa-times"></i></span> Looking to reach us via XMPP? Check out the new <a href='/about/pidginchat'>PidginChat</a> service! </p> </div> </div> <script> try { var code = "pidgin-chat-announcement"; } catch (e) { console.error("Error with cookie code", e); } if (code && code !== Cookies.get("hide-notification")) { var bar = $(".notification-bar"); $(".padding.highlightable").prepend(bar); $(".alert-bar-close-button").on("click", function(elem) { Cookies.set("hide-notification", code); bar.detach(); }); } </script> <style> .alert-bar-close-button { position: absolute; top: 2px; right: 10px; color: white; font-weight: bold; cursor: pointer; transition: 0.3s; } .alert-bar-close-button:hover { color: black; } </style> </body> </html>