We actively maintain security updates for the following versions of VidBeast:

| Version | Supported |
|---|---|
| 3.5.x | ✅ |
| 3.4.x | ✅ |
| 3.3.x | ❌ |
| < 3.3 | ❌ |

We take security vulnerabilities seriously. If you discover a security vulnerability in VidBeast, please follow these steps:
- Do NOT create a public GitHub issue for security vulnerabilities
- Do NOT discuss the vulnerability publicly until it has been addressed
- Email us directly at: security@vidbeast.com (or create a private issue)

Please include the following information in your report:
- Description: A clear description of the vulnerability
- Impact: Potential impact and severity assessment
- Reproduction: Step-by-step instructions to reproduce the issue
- Environment: Operating system, VidBeast version, and relevant system details
- Files: Any relevant files, screenshots, or proof-of-concept code

- Acknowledgment: We will acknowledge receipt within 48 hours
- Initial Assessment: We will provide an initial assessment within 1 week
- Progress Updates: Regular updates every 2 weeks until resolution
- Resolution: We aim to resolve critical vulnerabilities within 30 days

- Code Signing: All releases are digitally signed for authenticity
- Sandboxing: Renderer processes run in restricted sandboxes
- Input Validation: All user inputs are validated and sanitized
- Secure Defaults: Security-first configuration by default
- Local Processing: Video files are processed locally, not uploaded
- Temporary Files: Secure cleanup of temporary processing files
- Permissions: Minimal system permissions requested
- Encryption: Sensitive configuration data is encrypted
- Supply Chain: Dependencies regularly audited for vulnerabilities
- Automated Scanning: Security scanning integrated into CI/CD
- Reproducible Builds: Build process is reproducible and verifiable
- Update Integrity: Application updates are cryptographically verified

- Download Only from Official Sources: Get VidBeast from official releases only
- Verify Signatures: Check digital signatures before installation
- Keep Updated: Install security updates promptly
- File Sources: Be cautious when processing videos from untrusted sources
- System Security: Keep your operating system and dependencies updated

- Secure Development: Follow secure coding practices
- Dependency Management: Regularly update and audit dependencies
- Code Review: All changes undergo security-focused code review
- Testing: Include security testing in development workflows
- Documentation: Document security considerations for new features

- Malformed Files: VidBeast safely handles malformed video files
- Memory Limits: Processing limits prevent memory exhaustion attacks
- Sandboxing: FFmpeg processes run in restricted environments
- Validation: File format validation before processing

- Context Isolation: Renderer and main processes are properly isolated
- Node Integration: Node.js integration disabled in renderer when possible
- CSP Headers: Content Security Policy headers implemented
- Remote Content: No remote content loading in production builds

Security updates are released as needed and may include:
- Patches for discovered vulnerabilities
- Updates to address new threat vectors
- Improvements to existing security measures
- Updates to security dependencies

Users will be notified of security updates through:
- GitHub release notifications
- Application update mechanisms
- Security advisory announcements

For security-related questions or concerns:
- Email: security@vidbeast.com
- PGP Key: Available on request for encrypted communications
- Response Time: We respond to security inquiries within 48 hours

We appreciate the security research community and will acknowledge researchers who responsibly disclose vulnerabilities (with their permission).

Last Updated: September 2025

Policy Version: 1.0