1.1 KiB
1.1 KiB
Security Policy
Supported Versions
This repository is currently in an early alpha stage.
Security fixes are expected on:
- the current
mainbranch - the newest tagged pre-release, when one exists
Older snapshots may not receive backported fixes.
Reporting a Vulnerability
Please do not open a public issue for a suspected security problem before the maintainer has had a chance to assess it.
Preferred process:
- Report the issue privately through your forge's private reporting workflow, if available.
- If private reporting is not available, contact the maintainer through the repository owner profile first.
- Include:
- affected version or commit
- reproduction steps
- impact
- any workaround, if known
Scope
Relevant security reports include:
- credential or token leakage
- unsafe network handling
- update or packaging integrity issues
- sandbox, entitlement, or macOS permission mistakes
- malicious or unintended code execution paths
Reports that are only stream-quality, broken station metadata, or ordinary playback bugs should go through the normal issue tracker.