⚡ PLEASE DON'T DISCLOSE SECURITY-RELATED ISSUES PUBLICLY, SEE BELOW. ⚡

Only the latest major version receives security fixes.

Let’s keep things simple –

The Lyne team takes all security concerns in Lyne Design System seriously. Thank you for improving the security of Lyne. We appreciate your efforts, responsible disclosure your information and will make every effort to acknowledge your contributions.

If you think you have identified a vulnerability or security related issue within Lyne Design System, please report it immediately to lyne-design-system@sbb.ch. If you are not sure, don’t worry. Better safe than sorry – just send an email.

Please do not:

• Open issues on GitHub related to any security concerns publicly
• Include anyone else on the disclosure email

When reporting an issue, include as much information as possible — necessary. Just tell us what you found, how to reproduce it, and any concerns you have about it. We will respond as soon as possible and follow up with any missing information.

Besides providing your insights via email you can also report the vulnerability / security issue through our bug bounty program.