Security: eneswritescode/soundbrake

Security Policy

Supported Versions

Version | Supported
1.0.x   | ✅ Yes

Only the latest release receives security fixes. Please update to the latest version before reporting a vulnerability.


Reporting a Vulnerability

Do not open a public GitHub issue for security vulnerabilities.

If you discover a security issue in SoundBrake, please report it privately so it can be fixed before public disclosure.

How to report

  1. Go to the repository's Security tab and open a private advisory.
  2. Alternatively, email the maintainer directly (see the GitHub profile for contact details).

What to include

  • A clear description of the vulnerability.
  • Steps to reproduce or a proof-of-concept (if applicable).
  • The potential impact / attack scenario.
  • The SoundBrake version and OS you tested on.

What to expect

  • Acknowledgement within 3 business days.
  • Status update (fix timeline or explanation) within 10 business days.
  • Credit in the release notes (unless you prefer to remain anonymous).

Scope

SoundBrake is a local desktop application that reads system audio volume and sends desktop notifications. It does not:

  • Make outbound network requests.
  • Store or transmit personal data.
  • Require elevated/admin privileges at runtime.

Security issues most likely to be relevant:

  • Privilege escalation via the Windows installer or startup registration.
  • Log file path traversal or injection leading to unintended file writes.
  • Insecure inter-process communication used by the single-instance guard.

Disclosure Policy

We follow responsible disclosure: we ask that you give us reasonable time to release a fix before sharing details publicly. We aim to release patches within 30 days of a confirmed vulnerability.

There aren't any published security advisories