StarOverlay is a small project, and as such, we do not have the resources to maintain a dedicated security team. This project is open source, and we encourage the community to contribute to the project. If you find a security issue, please report it to us privately. We will do our best to address the issue as quickly as possible.
Please do not report security vulnerabilities in public issues. We will not be able to address them in a timely manner, and it may put other users at risk. Instead, please report them to us privately.
To report a security issue, please join our Discord server and send a direct message to one of the maintainers. Because our time is limited, a report may go unanswered or unfixed; if that happens, it is because the team does not consider the issue to be of vital importance. It will still be taken into consideration.
Please do not include any sensitive information in your report. We will do our best to address the issue as quickly as possible.
In your report, please include as much detail as possible:
- A description of the location and potential impact of the vulnerability.
- A detailed description of the steps required to reproduce the vulnerability.
- Your name/handle and a link for recognition.
- Whether this is a public or private report.
- Any other relevant information.
- If you have a fix, please also include a patch.
Please do not test on the main server (production). The project is open source, so you can test on your own server.
We will not pursue legal action against researchers who point out a problem, provided they do their best to follow the above guidelines in good faith. We will consider this to the fullest extent possible under the law.
We prefer all communications to be in English or Spanish. However, we will do our best to accommodate other languages.