Security: CyberNilsen/Symphex

SECURITY.md

Security Policy

Supported Versions

We actively provide security updates for the following versions of Symphex:

Version Supported
1.3.x
1.2.x
1.1.x
1.0.x
< 1.0

Reporting a Vulnerability

We take the security of Symphex seriously. If you believe you have found a security vulnerability, please report it to us as described below.

How to Report

  • Email: Send details to cybernilsen@gmail.com (or your preferred email)
  • Subject: Use "SECURITY: [Brief Description]" in the subject line
  • GitHub: For non-sensitive issues, you can also create a private security advisory

What to Include

Please include the following information in your report:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Your contact information (optional)
  • Any proof-of-concept or exploit code (if applicable)

Response Timeline

  • Initial Response: Within 48 hours of report
  • Status Update: Weekly updates on investigation progress
  • Resolution: Target 30 days for non-critical, 7 days for critical vulnerabilities

What to Expect

If Accepted:

  • We'll work with you to understand and resolve the issue
  • Credit will be given in release notes (unless you prefer to remain anonymous)
  • We may request additional testing or information

If Declined:

  • We'll provide a detailed explanation of why the issue isn't considered a security vulnerability
  • Alternative solutions or mitigations may be suggested

Security Best Practices for Users

  • Always download Symphex from official GitHub releases
  • Verify file hashes when provided
  • Keep dependencies (yt-dlp, FFmpeg) updated via the app
  • Be cautious when downloading from untrusted sources
  • Report suspicious behavior or unexpected network activity

Disclosure Policy

  • Please do not publicly disclose vulnerabilities until we've had a chance to address them
  • We aim for coordinated disclosure with a reasonable timeline
  • We reserve the right to publicly disclose details after fixes are released

Thank you for helping keep Symphex secure!
