We provide security updates only for actively maintained versions of the plugin. Older or deprecated versions are not guaranteed to receive patches for reported vulnerabilities.

If you discover a security vulnerability that may allow:

• bypassing plugin restrictions,
• exploiting unintended mechanics for unfair advantage,
• leaking sensitive player/server data,
• crashing the server or escalating privileges

Please do not open a public issue.

Instead, report it responsibly through one of the following methods:

• 🐙 GitHub: Submit a private report via GitHub Security Advisories
• 💬 Discord: @narin4ik

• A confirmation response within 72 hours.
• Follow-up details about whether the issue has been accepted or declined.
• If accepted, a patch will be released in the next update, and a security note will be added to the changelog (without disclosing sensitive details before the fix is available).

We greatly appreciate community efforts to help keep SCP: SL servers secure and stable.