# Security Policy

## Reporting Security Issues

Maintainers and community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](../../security/advisories/new) tab.

**Please do not report security vulnerabilities through public GitHub issues, discussions, or Discord.**

## What to Include in Your Report

To help us better understand and resolve the issue, please include as much of the following information as possible:

- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue

## Response Timeline

We will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

## Disclosure Policy

- Security issues will be disclosed in a coordinated manner
- We will credit reporters in the security advisory unless anonymity is requested
- We request that you do not publicly disclose the issue until we have released a fix

## Third-Party Dependencies

If you discover a security vulnerability in a third-party dependency used by Seerr, please report it directly to the maintainers of that module. You can also notify us through our security advisory process so we can:

- Track the issue and monitor for updates
- Apply patches or workarounds if available
- Coordinate with upstream maintainers when necessary
- Communicate the impact to our users

We regularly monitor and update our dependencies to address known security vulnerabilities.

## Security Updates

Security updates and advisories will be published on our [GitHub Security Advisories page](../../security/advisories).

## Community

For general questions and support (non-security related):

- [GitHub Discussions](../../discussions)
- [Discord](https://discord.gg/seerr)