| Version | Supported |
|---|---|
| latest | ✅ |
| < latest | ❌ |
Only the latest images on main receive security updates.
If you discover a security vulnerability, please report it responsibly:
- Do not open a public GitHub issue.
- Email security@blackoutsecure.com with:
- A description of the vulnerability
- Steps to reproduce
- Affected image tags or components
- You will receive acknowledgment within 48 hours and a resolution timeline within 7 days.
This policy covers the Docker packaging, CI/CD pipelines, and the scripts in root/usr/local/ (retrostack-lib.sh, retrostack-emulator-run, retrostack-emulator-launch, retrostack-provision) in this repository. Vulnerabilities in upstream emulators (RetroArch, PPSSPP, Dolphin) should be reported to their respective projects.
Upstream emulator versions are monitored every 6 hours. When a new release is detected, images are automatically rebuilt and published with the latest security patches from the ubuntu:noble base.