BlackVideo uses a custom semantic–hierarchical versioning format:

v<major>.<minor>.<feature>.<patch>.<build>

Only actively maintained versions receive security updates and vulnerability patches.

• Major & Minor releases (v1.1.*) receive security updates.

• Patch and build updates inherit support from their parent version.

• Deprecated versions do not receive:

  • Security patches
  • Vulnerability fixes
  • Dependency updates

Users are strongly encouraged to upgrade to the latest supported release.

If you discover a security vulnerability in BlackVideo, please report it responsibly.

• Do NOT open a public GitHub issue for security vulnerabilities.
• Instead, report privately via one of the following:

Preferred:

• GitHub Security Advisories (if enabled)

Alternative:

• Email: security@blackvideo.app

Please provide as much detail as possible:

• Affected version(s)
• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Proof-of-concept (if available)
• Any suggested mitigation

• Reports are acknowledged within 48–72 hours

• Vulnerabilities are assessed and prioritized

• Fixes are released as:

  • Patch updates
  • Security advisories

• Public disclosure occurs after a fix is available

We appreciate responsible disclosure and will credit reporters when appropriate.

This policy applies to:

• BlackVideo core application
• Native modules (Tauri / Rust)
• Backend services
• Extension system APIs
• CLI / Terminal interfaces

• Third-party services or APIs
• External extensions not maintained by the BlackVideo team
• Unsupported or deprecated versions

BlackVideo is built with a security-first mindset, including:

• Sandboxed extension execution
• Permission-based APIs
• Restricted native access
• Secure defaults
• Minimal privilege design
• No silent remote code execution

This security policy is a living document and may evolve as the project grows.