The pleezer project is actively being developed, and we currently only support the latest version. We recommend users always update to the latest version of pleezer to ensure they have the most recent security updates and fixes.
| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |
We take the security of pleezer seriously. If you discover a security vulnerability, please follow these steps:
- Do not report security vulnerabilities through public GitHub issues or discussions
- Contact the author directly via email (see Contacting the Author)
- Include detailed steps to reproduce the vulnerability
- Wait for acknowledgment before any public disclosure
- Acknowledgment: We aim to acknowledge reports within a few days to a few weeks
- Updates: We will keep you informed of our progress
- Disclosure: We will coordinate the public disclosure with you after the fix is released
- Credit: We will acknowledge your contribution in the release notes (unless you prefer not to be credited)
- Keep your
secrets.tomlfile secure and private - Update to the latest version of pleezer regularly
- Use strong, unique passwords for your Deezer account
- Avoid sharing sensitive information in public forums
We maintain security through:
- Weekly dependency scans via GitHub Dependabot
- Mandatory code reviews for all changes
- Security-focused testing and review processes
When we fix a security vulnerability:
- We release an update as quickly as possible
- We document the fix in the release notes
- We notify affected users if necessary
We kindly request:
- Private disclosure of vulnerabilities
- Reasonable time to investigate and fix issues
- Coordination on public disclosure timing
Your help in keeping pleezer users secure is greatly appreciated.
For general security suggestions, use GitHub Discussions. For sensitive security matters, contact the author directly.