We actively maintain and provide security updates for the following versions:
| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |
We recommend always using the latest release for the best security and stability.
If you discover a security vulnerability in Cliparino, please report it privately to help us address it before public disclosure.
Email: angrmgmt@gmail.com
Subject Line: [SECURITY] Vulnerability in Cliparino
Please provide as much detail as possible to help us understand and reproduce the issue:
- Description: Clear description of the vulnerability
- Impact: Potential security impact and severity assessment
- Reproduction Steps: Detailed steps to reproduce the issue
- Affected Components: Which parts of Cliparino are affected
- Environment:
- Cliparino version
- Streamer.bot version
- OBS version
- Operating system
- Proof of Concept: Code snippets, logs, or screenshots (with sensitive data redacted)
- Suggested Fix: If you have ideas for remediation
- Acknowledgment: We will acknowledge receipt within 48 hours
- Assessment: We will assess the vulnerability and determine severity
- Communication: We will keep you informed of our progress
- Resolution: We will develop and test a fix
- Disclosure: Once fixed, we will:
- Release a security update
- Credit you in release notes (if desired)
- Coordinate public disclosure timeline
When using Cliparino:
- Keep Updated: Always use the latest version
- Protect Tokens: Never share Twitch API tokens or Streamer.bot credentials
- Review Logs: If sharing logs for support, redact sensitive information
- Secure OBS: Use OBS WebSocket authentication
- Limit Access: Restrict moderator permissions to trusted users
The following are generally not considered security vulnerabilities:
- Bugs that don't have security implications
- Issues in third-party dependencies (report to respective projects)
- Social engineering attacks against streamers/viewers
- Denial of service via Twitch chat spam (use Twitch moderation tools)
We kindly request that you:
- Do not publicly disclose the vulnerability before we've had time to address it
- Do not exploit the vulnerability beyond what's necessary for demonstration
- Give us reasonable time to develop and release a fix (typically 90 days)
We appreciate your efforts to responsibly disclose findings and will acknowledge your contribution.
Security updates are released as soon as possible after verification. We will:
- Tag releases with severity (e.g.,
SECURITY: Critical Fix) - Document the issue in release notes
- Notify users via GitHub releases
For any security-related questions or concerns:
- Email: angrmgmt@gmail.com
- General Issues: GitHub Issues (for non-security bugs)
Thank you for helping keep Cliparino and its users secure!