Users who find bugs are encouraged to report them to the Whonix issue tracker. To assist developers, please refer to the Reporting Guidelines when describing the problem. In most cases it is helpful to report:
- Whonix version and platform.
- Affected component(s) or functionality.
- Steps to reproduce the behavior.
- Expected behavior.
- Actual behavior - including detailed console output.
- Relevant Documentation that was consulted.
- Any related, non-duplicate issues (bugs).
Once notified issues are reproduced and confirmed, developers discuss the problem in order to find a suitable solution or workaround. All Whonix source code fixes and related matters are implemented as quickly as possible and the finding is posted for the public benefit.
Users are kindly asked to privately report security bugs and describe the problem in detail - see the recommended Reporting Guidelines for guidance. Lead Whonix developer Patrick Schleizer should be contacted via OpenPGP encrypted mail before the information is published in public forums; see Contacting Whonix developers / Feedback / Questions. In this way, vulnerabilities can be patched without endangering the Whonix user population and the notifier can be credited with the finding(s) after the change reaches the stable repository (or next Whonix release).
Whonix Package Upgrade Policy
Prior to Whonix 14, tickets that were resolved on the Whonix issue tracker were not automatically pushed to the stable (or even developer) version of Whonix. This meant stable package upgrades were rare -- unless critical security security vulnerabilities were discovered -- thereby entirely avoiding the risk of destabilizing the Whonix platform and necessitating manual user fixes. Fixes noted on the issue tracker generally only became available to all users after the next stable version release.
Whonix 14 and later releases have transitioned to a rolling distribution, meaning far more frequent updates will filter through to the stable, stable-proposed-updates, testers and developers repositories. Advanced users who do not wish to wait for package updates can of course manually apply fixes to the relevant package(s) before that time. 
Phabricator issue tracker labels can be interpreted as follows:
- Reviewed: "Completed in the latest source code version of Whonix" (but not released). Further testing is required in the next Whonix developers-only or testers-only release.
- Resolved: "Completed in the development version of Whonix".
- There is no specific label to indicate status in the stable Whonix release.
- For example, the Whonix AppArmor profiles package is a prime candidate for manual fixes, as it frequently breaks functional Tor Browser use when later browser versions are released.
No user support in comments. See Support.
Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix is a trademark. Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix itself. (Why?)