If you believe you have found a security or privacy issue in this project, please report it privately.
- email: devs@put.io
Private reports are preferred for security and privacy issues.
If you are unsure whether something is sensitive, email first instead of opening a public issue.
Useful reports usually include issues involving:
- token, secret, or credential exposure
- unsafe handling of device passwords or signing keys
- command injection through CLI arguments, env values, or device responses
- publishing, release, or package integrity problems
- private device, account, or media identifier exposure
- test only against devices, accounts, environments, and data you control
- keep testing non-destructive, low-volume, and service-safe
- do not include device passwords, signing keys, account tokens, private content IDs, or local device identifiers in public issues, pull requests, examples, or logs
Only the latest published version receives routine fixes.
Please allow a reasonable amount of time to investigate and fix the issue before sharing details publicly.