Please do not use GitHub issues for security-sensitive communication.

The LibreTime maintainers ask that known and suspected vulnerabilities to be privately and responsibly disclosed by:

• sending all the required detail to security@libretime.org,
• or by filling a security advisory on Github.

A LibreTime maintainer will acknowledged the report within 3 working days.

We aim to provide a security patch within 30 days, after this period the report will be disclosed to the public. The security patch will be distributed for the maintained versions of LibreTime.