Skip to content

Security: FreeRADIUS/freeradius-server

Security

Report a vulnerability

SECURITY.md

Security Policy

All security vulnerabilities should be reported to [email protected]

All security disclosures are published on the FreeRADIUS web site, at https://www.freeradius.org/security/

Supported Versions

We accept security reports for version 3.0, 3.2, and for the git "master" branch, as seen in the table below.

Version Supported
"master"
3.2.x
3.0.x
< 3.0

Git "master" branch.

We accept security reports for the "master" branch. However, please be aware that while this branch will eventually become version 4.0.0, we have not yet made an official release.

The "master" branch may have temporary issues as development continues. The "master" branch may even have compile failures from time to time.

Version 3.2.x

Version 3.2 is the currently supported release stream. We accept security reports, feature requests, bug reports, etc. for this branch.

Version 3.0.x

Version 3.0 is the current "stable" release stream. It is officially "end of life", and no further development is being done on that branch.

We accept security reports for this branch, but we do not accept feature requests or bug reports, for this branch.

Versions before 3.0

We do not accept security notifications for versions before 3.0.

All older versions of FreeRADIUS are officially not just "end of life", but are "end of support". No code changes will be made to those versions, even for security vulnerabilities.

Reporting a Vulnerability

All security vulnerabilities should be reported to [email protected]

PGP Key

The following PGP key can be used to sign messages which are sent to [email protected]. The key is also available on PGP key servers (for [email protected]), and on the FreeRADIUS web site at https://www.freeradius.org/pgp/[email protected]

-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org

mQCNAzx7wFMAAAEEALq2yahNGENq7Z8xqIaaxlMYPEqdnWme+QQRobX+0mHJ+xjv uU9icVaQJrgrcgmH9Sx5avAZViypk/bBSwxUxbUZfF9LRsEPJB2Rpg2eLuxShYiE x0CMCAIQvDFCmygm4+dqgkj1/BCImki8nvQIoW56uTTkskZuq6kul4vkAkl9AAUR tCRBbGFuIFQuIERlS29rIDxhbGFuZEBmcmVlcmFkaXVzLm9yZz6JAJUDBRA8e8BT qS6Xi+QCSX0BAXvOA/wPxVKQXtyfQSFi8WrPa0QUaRzm8j9Kna9u9Xn2wzF18neH ogxzDIdJZtB2zDRKaRbNeYrcz0LnC5sxZqMco0NkI7P2ifE42aWXauSuYaYA9uG6 kP+CFjprorK0Cc6NUL47nWxB5x5zkix85MUjkMbOFyrZrUKKcHAeWfjzMf0Vkg== =VwDM -----END PGP PUBLIC KEY BLOCK-----

There aren’t any published security advisories