Users who find bugs are encouraged to report them to the Whonix issue tracker.
Once notified issues are reproduced and confirmed, developers discuss the problem in order to find a suitable workaround. All Whonix source code fixes and related matters are implemented as quickly as possible, and the finding is posted for the public benefit.
Users are kindly asked to privately report security bugs. Whonix developer Patrick Schleizer should be contacted via OpenPGP encrypted mail before the information is published. This allows the vulnerability to be patched without the Whonix user population being endangered, and the notifier can be credited with the finding(s) after the next Whonix release.
Whonix Package Upgrade Policy
Tickets that are resolved on the Whonix issue tracker are not automatically pushed to the stable (or even developer) version of Whonix. Stable package upgrades are rare, since they potentially risk destabilizing the Whonix platform and necessitating manual fixes by users to rectify the problem.
Issue tracker labels can be interpreted as follows:
- "Reviewed" items means: "completed in the latest source code version of Whonix" (but not released). Further testing is required in the next Whonix developers-only or testers-only release.
- "Resolved" items means: "completed in the development version of Whonix".
- There is no specific label to indicate status in the stable Whonix release.
Until Whonix has more developers and a stable release manager, users should not expect upgrades in stable Whonix packages, unless a critical security vulnerability is discovered. Fixes noted on the issue tracker will become available to all users after the next stable version of Whonix is released (Whonix 14). Advanced users who do not wish to wait can of course manually apply fixes to the relevant package(s) before that time. 
- For example, the Whonix AppArmor profiles package frequently breaks functional Tor Browser use when later browser versions are released, and is a primary candidate for manual fixes.
https | (forcing) onion
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.