If you discover a security vulnerability in bloop, please report it responsibly.
Email: jaikoo@proton.me
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
I will acknowledge receipt within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues.
This policy covers the bloop server binary and its first-party SDKs. Third-party dependencies should be reported to their respective maintainers.
Once a fix is available, I will publish a security advisory on the GitHub repository.