Labels

Ticket where a patch should be uplifted into the upstream repo

This issue has an upstream ticket associated with it

An issue that includes user feedback beyond a simple bug report, e.g. a feature request, UX feedback, or other comment.

This tag is a global one, it can be used in all issues related to the VPN product. It was created envisioning the future work we will do for this product no matter if it is sponsored or not.

Issues for minimum viable product for VPN

This issues are the ones that need to be completed for the migration from Transifex to Weblate.

Year End Campaign tickets

Makes bots supporting this label ignore this issue.

Issues to be resolved during the next currently unnumbered ESR transition

Critical vulnerability with immediate risk to users or infrastructure. Likely to be actively exploitable, with widespread or severe impact such as remote code execution, authentication bypass, or full data exfiltration. Requires immediate response and coordination.

Serious security vulnerability that could lead to user harm, data exposure, or significant system compromise. Often remotely exploitable, affects default configurations or untrusted inputs, and has a clear or demonstrated impact. Requires prioritization and typically must be addressed before major releases or external disclosures.

Minor security concern with limited impact or exploitability. Might involve poor security hygiene, minor information leakage, or issues only exploitable in highly constrained, non-default, or theoretical scenarios. Does not require immediate attention but should be tracked and addressed as part of ongoing hardening or cleanup.

Moderate security risk with potential for user impact or system compromise in specific conditions. Exploitable under certain configurations, by authenticated users, or with user interaction. May require coordination to fix but is not actively being exploited or affecting critical paths. Should be addressed in the near term.