Security Policy

Supported versions

The main branch is the only supported version. Older tags are for reference only.

Reporting a vulnerability

Email prowlr@proton.me with the subject [SECURITY] <repo> — <one-line summary>.

• Response within 72 hours on business days
• Please do not file public issues for security reports
• PGP key is published at https://prowlrbot.com/pgp.asc

Scope

All code in the ProwlrBot organization. CVE numbers are requested via MITRE once a fix ships.

Out of scope

• Social engineering
• Physical attacks
• Denial-of-service attacks
• Issues in third-party dependencies without a working ProwlrBot exploit path