If you discover a security vulnerability in RetroLoop, please report it responsibly. Do not open a public GitHub issue.
Instead, report vulnerabilities via GitHub Security Advisories.
- Description of the vulnerability
- Steps to reproduce
- Affected versions or components
- Potential impact
- Suggested fix (if any)
| Step | Timeframe |
|---|---|
| Acknowledgment | Within 48 hours |
| Initial evaluation | Within 7 days |
| Fix and disclosure | Coordinated with reporter |
| Version | Supported |
|---|---|
| Latest release | Yes |
| Older releases | No |
We follow a responsible disclosure process:
- Reporter submits vulnerability privately
- We acknowledge receipt within 48 hours
- We evaluate severity and impact within 7 days
- We develop and test a fix
- We release the fix and publish a security advisory
- Reporter is credited (unless they prefer anonymity)
We ask that you give us reasonable time to address the issue before any public disclosure.