Files
bearhub/SECURITY.md
2026-05-31 17:48:55 +02:00

1.2 KiB

Security Policy

Supported Versions

Security fixes are provided on a best-effort basis for:

  • the latest Bearhub release
  • the current main branch

Older releases may not receive security updates.

Reporting a Vulnerability

Please do not open public issues for undisclosed security vulnerabilities.

Use one of these channels:

  1. GitHub Security Advisories (preferred):
    • Go to the repository Security tab
    • Create a private vulnerability report
  2. If advisory reporting is unavailable, contact maintainers directly via GitHub.

Include as much detail as possible:

  • affected Bearhub version
  • platform details (Arch version, Python version, desktop session)
  • reproduction steps
  • expected vs. actual behavior
  • logs, stack traces, and proof-of-concept (if available)

Response Process

Maintainers will:

  • acknowledge the report as soon as possible
  • validate impact and scope
  • prepare and publish a fix
  • credit reporters where appropriate (if desired)

Disclosure

Please allow reasonable time for validation and patching before public disclosure.

Once fixed, we will disclose:

  • impacted versions
  • mitigation/fix guidance
  • release references containing the patch