Files
bearwave/SECURITY.md
2026-05-31 18:00:56 +02:00

26 lines
1.1 KiB
Markdown

# Security Policy
BearWave is currently in a public beta phase. Security reports are very welcome and should be handled carefully, especially since BearWave processes external internet radio streams and metadata.
## Supported Versions
During the beta phase, security fixes target the latest code on `main` and the most recent published release when practical.
Older releases are not guaranteed to receive backported fixes. Users should update to the latest available release after a security fix is published.
## Reporting a Vulnerability
Please **do not** open a public issue for a vulnerability before it has been reviewed.
Preferred reporting path:
1. Use GitHub's private vulnerability reporting / security advisory feature for this repository, if available.
2. If private reporting is not available, contact the maintainer through GitHub and request a private disclosure channel.
Include as much detail as possible:
- Affected BearWave version or commit SHA
- Operating system and desktop environment
- Steps to reproduce the issue
- Potential impact of the vulnerability