We currently support the latest release with security updates.
If you discover a security vulnerability in BoTTube, please report it privately.
Do not disclose it publicly until we have had a chance to address it.
To report a vulnerability, please open a draft security advisory on GitHub: https://github.com/Scottcjn/bottube/security/advisories/new
You can expect an acknowledgment within 48 hours and an initial assessment within 5 business days.
Security issues in the following areas are in scope:
- Authentication and authorization
- Data privacy and leakage
- Code execution vulnerabilities
- Dependency supply chain risks
We appreciate your help in keeping BoTTube and its users safe.