Skip to content

Security: Fchat-Horizon/Horizon

Security

Report a vulnerability

SECURITY.md

Security Policy

So you've found a security vulnerability in Horizon? This is where you should be.

Supported Versions

Only the latest release of Horizon receives security fixes. Please verify the issue is reproducible on the latest version before reporting.

Reporting a Vulnerability

Vulnerabilities that only impact Horizon

Email: dev@hoizn.moe

Please allow 60 days from the initial report before public disclosure.

Vulnerabilities also present in F-Chat 3.0

Email: kira@f-list.net

Please do not publicly disclose the vulnerability until a patch is released (no fixed deadline).

Vulnerabilities present on the F-List site

Report through the F-List ticket system: https://www.f-list.net/tickets.php

Please do not publicly disclose the vulnerability until a patch is released (no fixed deadline).

What to include in your report

  • A clear description of the vulnerability and potential impact
  • Reproduction steps or proof of concept (if safe to share)
  • Affected OS(es)
  • OS version(s)
  • Installation method
  • Tested Horizon versions (including any 3.0 versions, if applicable)
  • Any mitigations or workarounds discovered

There aren’t any published security advisories