Reporting Issues

Bug Reporting Guidelines

We appreciate bug reports, and community suggestions allow us to continually improve our software.

Before submitting an issue, we'd appreciate if you can do the following:

  • Check that you are running the most current internal tools, framework, and embedded library,

  • Search for your issue in the other troubleshooting documents,

  • Ensure the laws of maths and physics still apply - run a minimalistic project like the tutorial project to check basic operation.

When reporting an issue, we'd appreciate you include the following information as applicable:

  • Steps for reproduction, what you expected, and what happened,
  • Logs, console error messages or other files you feel are important,
  • Versions for applicable Electric UI products where possible,
  • Generic system information such as your OS, any esoteric hardware or software,
  • Hardware information (microcontroller architecture & family, general firmware information that might be applicable, compiler & version)

If you have the ability to create a minimal representation of the problem, it would be greatly appreciated.

Embedded Library

Report issues with the electricui-embedded C library through GitHub Issues.

If you have ported or modified the library we'd appreciate that information too!

UI Framework

Report issues with the UI against $TODO_UI_RFC.

Assistive Tooling

Report tool problems (such as arc, tests and developer tooling) against $TODO.

Website and support services

Our docs and blog content is available here and we accept pull requests as appropriate. Sections of our site's backend, package registry and internal tooling are not publicly available.

We'd recommend sending us an email with any relevant information.

Community contributions

We would generally suggest you approach relevant upstream package developers if you are having specific technical issues with a third-party dependancy or tool we've not discussed in the documentation.

If the issue relates to any of the Electric UI products, create an issue on the subreddit?


Security Disclosures

We highly value software security and strive to improve the quality of our services. We encourage the community, security researchers and third parties to report security vulnerabilities, reports or provide feedback at a technical level.

If you would like to report a vulnerability, please send an email to security@electricui.com. Include contact information, PGP public key and other applicable information as deemed necessary. We'll acknowledge receipt of the report within 48 hours, and will engage with you to flesh out details, provide resolutions and progress updates.

We aren't in a position to offer a bounty program right now.

Electric UI PGP (encryption) public key information is here.

Responsible Disclosure Guidelines

We encourage responsible reporting. We will not take legal action against you, and would appreciate if you follow these Responsible Disclosure Guidelines:

  • Provide details of the vulnerability, including information needed to reproduce the vulnerability. A Proof of Concept (POC) is highly desired (but not required).
  • Try not to cause interruptions to services which may affect our users or internal systems.
  • Do not access, manipulate, or share data that does not belong to you.
  • Do not use technical, or social engineering techniques on our users.
  • Provide Electric UI with a reasonable period of time to address the issue before sharing with any other party and/or person(s) or making any information public.

We welcome copies/links to any blogs, post-mortem reports or relevant forum threads discussing the disclosed issue(s).

Third-party software vulnerabilities

We intend to offer an open and clear communication process with researchers throughout the disclosure process. If vulnerabilities reported to us affect a third-party framework, library, service or vendor, Electric UI reserves the right to communicate with the affected party (but we'll keep you in the loop, and offer you the opportunity to handle reporting upstream if possible).

As Electric UI is a developer-facing framework, we have a limited ability to control downstream issues introduced by developer modification. If the vulnerability is specific to an application using Electric UI, we will make reasonable provisions to protect and assist other developers, through documentation or architectural improvements where appropriate.