MIPI Alliance software projects follow the security process in Annex D.6 of the MIPI Policy and Procedures for Software Development Projects.
Do not report security vulnerabilities through public GitHub issues.
Report them by email to:
Please include, where possible: a description of the issue and its impact, steps to reproduce or a proof of concept, affected version(s)/commit(s), and any known mitigations. You may include a patch.
The project Security Team (or, absent one, the Maintainer) evaluates each report,
prepares a fix where warranted, and coordinates disclosure. No information about an issue
is released publicly before the corresponding coordinated release, except where the
vulnerability is already public. Security releases are tagged major.minor.subminor-securityX.