Security fixes are provided only for the latest released version of qBitrr. Older releases are not maintained for security patches. Upgrade to the latest release to receive security updates.

Report security issues privately so they can be fixed before public disclosure.

Preferred: Use GitHub's private reporting flow: open the Security tab, then use Report a vulnerability.

Please include:

• A clear description of the issue and its potential impact
• Steps to reproduce (if possible)
• The qBitrr version and environment you tested (OS, install method, relevant config if safe to share)

We will acknowledge receipt when we can and coordinate on a fix and disclosure timeline where appropriate.

Please do not publish details of an unfixed vulnerability until a fix is available, unless we agree otherwise.