Report a security issue

The h2o/picotls project team welcomes security reports and is committed to providing prompt attention to security issues. Security issues should be reported privately via

Security advisories

Remediation of security vulnerabilities is prioritized by the project team. The project team endeavors to coordinate remediation with third-party stakeholders, and is committed to transparency in the disclosure process. The picotls/h2o team announces security issues via h2o project Github Release notes as well as the h2o website on a best-effort basis.