Only the latest minor release receives security fixes. Older versions are not patched.

This is a client-side Minecraft mod with no network surface and no authentication. The most plausible vulnerabilities involve:

• crash-on-render from a malformed ContainerComponent on a shulker box ItemStack
• memory exhaustion from an attacker-controlled container with an oversized inventory entry list

If you find something that fits, please don't open a public issue. Instead, use GitHub's private vulnerability reporting:

1. Go to https://github.com/Nekuzaky/BetterPeek/security/advisories/new.
2. Describe the vulnerability, reproduction steps, and impact.

You should expect an acknowledgement within a few days. A fix and a public advisory will follow once a patch is available.

For routine bugs (crashes that aren't security-relevant, weird preview behaviour) please use the regular issue tracker.