1There are a couple bug trackers relevant to WebRTC: 2 3 * [crbug.com](https://crbug.com) -- for Chrome. 4 5 * [bugzilla.mozilla.org](https://bugzilla.mozilla.org/) -- for Firefox. 6 7 * [bugs.webkit.org](https://bugs.webkit.org/) -- for Safari. 8 9 * [developer.microsoft.com](https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/) -- for Microsoft Edge. 10 11 * [bugs.opera.com/wizard](https://bugs.opera.com/wizard/) -- for Opera. 12 13 * [bugs.webrtc.org](http://bugs.webrtc.org) -- for WebRTC native code. 14 15Anyone with a [Google account][1] can file bugs in the Chrome and WebRTC trackers and they're continuously triaged by Chrome and WebRTC engineers. 16 17 18### How to File a Good Bug Report 19 20#### Instructions 21 22* Identify which bug tracker to use: 23 24 * If you're hitting a problem in Chrome, file the bug using the 25 [the Chromium issue wizard](https://chromiumbugs.appspot.com/?token=0) 26 Choose "Web Developer" and "API", then fill out the form. For the component choose 27 * Blink>GetUserMedia for camera/microphone issues 28 * Blink>MediaRecording for issues with the MediaRecorder API 29 * Blink>WebRTC for issues with the RTCPeerConnection API 30 This ensures the right people will look at your bug. 31 32 * If you're a developer working with the native code, file the bug at 33 [this link][4]. 34 35* Include as much as possible from the data points listed below. 36 37#### Example Data Points 38 39 * Version of the browser/app 40 41 * For Chrome: copy/paste from **chrome://version** 42 43 * For WebRTC native code: if applicable, include the branch (e.g. trunk) 44 and WebRTC revision (e.g. r8207) your application uses 45 46 * Operating system (Windows, Mac, Linux, Android, iOS, etc.) and version 47 (e.g. Windows 7, OS X 10.9, Ubuntu 14, etc.) 48 49 * Hardware platform/device model (e.g. PC, Mac, Samsung 4S, Nexus 7, iPhone 50 5S, iPad Air 2 etc) 51 52 * Camera and microphone model and version (if applicable) 53 54 * For Chrome audio and video device issues, please run the tests at 55 <https://test.webrtc.org>. After the tests finish running, click the bug 56 icon at the top, download the report, and attach the report to the issue 57 tracker. 58 59 * Web site URL 60 61 * Reproduction steps: detailed information on how to reproduce the bug. If 62 applicable, please either attach or link to a minimal test page in 63 HTML+JavaScript. 64 65 * For **crashes** 66 67 * If you experience a crash while using Chrome, please include a crash ID 68 by following [these instructions][2]. 69 70 * If you experience a crash while using WebRTC native code, please include 71 the full stacktrace. 72 73 * For **functional** issues or **ICE** issues, in either Chrome or a native 74 application, please gather a [native log][5]. 75 76 * For **connectivity** issues on Chrome, ensure **chrome://webrtc-internals** 77 is open in another tab before starting the call and while the call is in progress, 78 79 * expand the **Create Dump** section, 80 81 * click the **Download the PeerConnection updates and stats data** button. 82 You will be prompted to save the dump to your local machine. Please 83 attach that dump to the bug report. 84 85 * For **audio quality** issues on Chrome, while the call is in progress, 86 87 * please open **chrome://webrtc-internals** in another tab, 88 89 * expand the **Create Dump** section, 90 91 * fill in the **Enable diagnostic audio recordings** checkbox. You will be 92 prompted to save the recording to your local machine. After ending the 93 call, attach the recording to the bug. 94 95 * For **echo** issues, please try to capture an audio recording from the 96 side that is _generating_ the echo, not the side that _hears_ the echo. 97 For example, if UserA and UserB are in a call, and UserA hears herself 98 speak, please obtain an audio recording from UserB. 99 100 * For **regressions**, i.e. things that worked in one version and stopped working in 101 a later versioņ, provide both versions. If you know steps to reproduce you might 102 want to try [a bisect](https://www.chromium.org/developers/bisect-builds-py) to 103 identify the commit that changed the behaviour. 104 105 * For **video problems**, e.g. artifacts or decoder failures, a rtpdump file 106 with the unencrypted RTP traffic. This can by replayed using the video_replay 107 tool from the rtc_tools directory. 108 109 * For problem with the webcam, a dump or screenshot of the "Video Capture" tab 110 in chrome://media-internals. 111 112### Filing a Security Bug 113 114The WebRTC team takes security very seriously. If you find a vulnerability in 115WebRTC, please file a [Chromium security bug][ChromeSecurity], even if the bug 116only affects native WebRTC code and not Chromium. 117 118A history of fixed Chromium security bugs is best found via [security notes in 119Stable Channel updates on the Google Chrome releases blog][ChromeSecurityBlog]. 120 121You can also find fixed, publicly visible [Type=Bug-Security][ChromeBugList] 122bugs in the issue tracker (note: security bugs normally become publicly 123visible 14 weeks after they are fixed). If there is a bug in WebRTC code 124that Chromium isn’t using (such as the Java/ObjC wrappers for Android/iOS) 125we will announce fixes separately on [discuss-webrtc][DiscussWebRTC]. 126 127[Tracking released security bug disclosures][WebRtcBugList]. 128 129Note that we will generally NOT merge security fixes backwards to any branches, 130so if you’re using older branches it’s your responsibility to make sure the 131relevant security fixes get merged. 132 133 134### Receiving notifications about security bugs in Chrome 135 136To get automatic notifications about activity/comments in security bugs in 137Chrome you need to be either explicitly cc:d on specific bugs (by someone who 138has access to the bug) or be part of a special mailing list for all security bug 139notifications. To get on that list you have to apply to the Chrome Security 140team, see more about this on the [Chrome Security page][ChromeSecurity] under 141"How can I get access to Chromium vulnerabilities?" at the bottom of the page. 142 143Please note that Chrome's security-notify list will receive notifications about 144all security bugs in Chrome and not just the WebRTC ones. Normally it shouldn't 145be a problem to figure out whether an issue affects WebRTC since it will most 146likely be tagged with one of the WebRTC-related components (one of Blink>WebRTC, 147Blink>GetUserMedia, Blink>MediaStream, Blink>MediaRecording) or their sub- 148components. 149 150Also note that access granted by the list will only apply to bugs of Type=Bug- 151Security. Not all bugs with crashes, memory leaks and other potential 152vulnerabilities are marked as Bug-Security though. You can read more about what 153categories of bugs are deemed security bugs in the [Severity Guidelines for 154Security Issues][SeverityGuidelines] and also on the [Security FAQ][SecurityFaq] 155page. 156 157 158[1]: https://accounts.google.com/ 159[2]: http://www.chromium.org/for-testers/bug-reporting-guidelines/reporting-crash-bug 160[3]: https://code.google.com/p/chromium/issues/entry?template=Audio/Video%20Issue 161[4]: https://bugs.chromium.org/p/webrtc/issues/entry 162[5]: native-code/logging.md 163[ChromeSecurity]: https://www.chromium.org/Home/chromium-security/reporting-security-bugs 164[DiscussWebRTC]: https://groups.google.com/group/discuss-webrtc 165[ChromeSecurityBlog]: https://chromereleases.googleblog.com/search/label/Stable%20updates 166[ChromeBugList]: https://bugs.chromium.org/p/chromium/issues/list?can=1&q=Type%3DBug-Security+component%3ABlink%3EWebRTC+-status%3ADuplicate%2CWontfix&sort=-closed&colspec=ID+Pri+M+Component+Status+Owner+Summary+OS+Closed&x=m&y=releaseblock&cells=ids 167[WebRtcBugList]: https://bugs.chromium.org/p/webrtc/issues/list?q=Type%3DBug-Security&can=1 168[ChromeSecurity]: https://www.chromium.org/Home/chromium-security 169[SeverityGuidelines]: https://chromium.googlesource.com/chromium/src/+/main/docs/security/severity-guidelines.md 170[SecurityFaq]: https://chromium.googlesource.com/chromium/src/+/main/docs/security/faq.md 171