We recommend always using the latest version of hdrop as we only apply security patches to the most recent version.

Your assistance in discovering and reporting vulnerabilities in hdrop is highly appreciated. Here is the procedure for responsibly disclosing security vulnerabilities:

1. Report via GitHub issues: We recommend reporting vulnerabilities directly through GitHub issues. You can create a new issue and label it as a security concern.

2. Provide ample detail: In your report, please include a description of the vulnerability, its potential impact, and steps for reproducing it. The more detailed your report, the faster we can verify and respond to the issue.

3. Wait for response: We will respond to your report as soon as possible. After our initial acknowledgement, we will then send regular updates about our progress. If a vulnerability is verified, we will work to release a patch as quickly as possible and will engage with you for your assistance during this process.

4. Public disclosure: Once a major vulnerability is patched, we will make a public announcement. We encourage you to coordinate your disclosure with ours.

We deeply value your contribution to the security of hdrop and will credit you for your responsible disclosure.

Please note, hdrop does not currently have a bug bounty program and we are unable to offer monetary rewards for vulnerability disclosures.

Thank you for your help in keeping hdrop and our users safe!