InHive takes the security of its software and users seriously. We are a censorship-circumvention and privacy project — vulnerabilities can put real people at risk, so we treat them with priority.

Do not open a public issue for security vulnerabilities.

Report privately through GitHub Security Advisories, or contact the team via @InHive_support_bot.

Please include:

• A description of the vulnerability and its impact
• Steps to reproduce (proof-of-concept if possible)
• Affected component(s) and version(s)

1. We acknowledge your report within 72 hours.
2. We investigate and confirm the issue.
3. We develop and test a fix.
4. We coordinate a release and public disclosure timeline with you.

We classify issues into two tiers: Tier 1 (traffic interception, identity exposure, key compromise) gets an expedited timeline; Tier 2 (local-only or low-impact) follows the standard cycle.

We appreciate responsible disclosure and will credit reporters who wish to be named.