Security: shalloran/rss-tui

SECURITY.md

Security Policy

Supported Versions

The following versions of rss-tui are currently supported with security updates:

Version   Supported
0.6.x     Yes
< 0.6     No

Note: As rss-tui is currently in pre-1.0 development, version support focuses on the latest minor version series. Users are encouraged to update to the latest version via crates.io for security fixes.

Reporting a Vulnerability

If you discover a security vulnerability in rss-tui, please report it responsibly.

How to Report

  1. Do NOT open a public GitHub issue for security vulnerabilities
  2. Email security reports to: rsstui@halloran.email (or create a GitHub Security Advisory)
  3. Alternatively, use GitHub's Private Vulnerability Reporting feature

What to Include

Please include the following information in your report:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact and severity assessment
  • Suggested fix (if you have one)

Response Timeline

  • Initial Response: Within 7 days
  • Status Update: Within 30 days
  • Fix Timeline: Depends on severity
    • Critical: As soon as possible (typically within 7-14 days)
    • High: Within 30 days
    • Medium/Low: Next planned release

What to Expect

  • You will receive acknowledgment of your report
  • We will investigate and verify the vulnerability
  • If accepted, we will work on a fix and coordinate disclosure
  • If declined, we will explain why
  • You will be credited in the security advisory (unless you prefer to remain anonymous)

Disclosure Policy

We follow responsible disclosure practices:

  • Vulnerabilities will be disclosed after a fix is available
  • A security advisory will be published on GitHub
  • The fix will be included in the next release
  • We will coordinate with you on the disclosure timeline

Thank you for helping keep rss-tui secure!

There aren’t any published security advisories