Thank you for helping keep AuroraMusic and its users safe.

I aim to keep the latest tagged release and the master branch secure. Older tags may not receive fixes unless the issue is critical and easy to backport.

• Please report vulnerabilities privately via GitHub Security Advisories (preferred) or by opening a private discussion. Avoid filing public issues for security problems.
• If you cannot use advisories, you may reach the owner via Discord (profile in the repository NOTICE) and follow up with a minimal, reproducible description.
• Include:
  • Affected version/commit and environment
  • Steps to reproduce and impact
  • Any suggested mitigations

• This bot runs with Discord permissions; do not test on servers you do not control.
• Do not perform denial-of-service testing or spam Discord APIs.
• No bug bounty program is offered; responsible disclosures are appreciated and will be credited in release notes when applicable.

I rely on third‑party libraries (e.g., discord.py, yt-dlp). If the issue lies in a dependency, I may coordinate upstream and track mitigation here. Dependabot is enabled to keep dependencies updated.