Cliparr is a local-first tool that temporarily stores Plex auth state in server memory and proxies media from Plex to the browser.

Please do not open a public issue for vulnerabilities.

Report security concerns by opening a private security advisory on GitHub, or by contacting the project maintainer privately if advisories are not yet enabled.

Useful details include:

• Affected version or commit
• Steps to reproduce
• Expected and actual behavior
• Any relevant logs with Plex tokens, server addresses, and private media paths removed

Security fixes are provided for the latest release.