Please do not use GitHub issues for security-sensitive communication.
The LibreTime maintainers ask that known and suspected vulnerabilities to be privately and responsibly disclosed by:
- sending all the required detail to security@libretime.org,
- or by filling a security advisory on Github.
A LibreTime maintainer will acknowledged the report within 3 working days.
We aim to provide a security patch within 30 days, after this period the report will be disclosed to the public. The security patch will be distributed for the maintained versions of LibreTime.