Caution
Do not upload the contents of the user folder to any platform.
The Pelr project maintainers and community take all security issues seriously. We appreciate security researchers and users who report potential vulnerabilities.
We typically provide security updates only for the latest major release. Please ensure you are using the latest version.
Do not publicly report security vulnerabilities. To protect our users, please do not disclose security vulnerabilities in public repositories, Issues, or Discussions.
If you discover a security vulnerability, please contact us via email: pfolg@foxmail.com
Please include the following details to help us understand and verify the issue:
- Type and brief description of the vulnerability
- Affected components and versions
- Detailed reproduction steps (proof-of-concept code, screenshots, or screen recordings)
- Potential impact of the vulnerability
After you report a vulnerability through the private channel above, we will:
- Acknowledge receipt within 15 days
- Communicate with you to assess and verify the vulnerability
- Keep you updated on the progress of the fix
- Publicly acknowledge your contribution after the fix is released (if you wish)
We follow a responsible disclosure process:
- Security issue is reported privately
- Maintainer confirms the issue and begins developing a fix
- Fix is tested and a new release is published
- After the release, details of the vulnerability are publicly disclosed (typically in release notes), with credit to the reporter
We thank all researchers and users who help make Pelr more secure. We appreciate your time and effort in following responsible disclosure practices.
[Security contributors will be listed here]