Security Policy
April 9, 2026 ยท View on GitHub
Supported Versions
| Version | Supported |
|---|---|
| 2.x.x | :white_check_mark: |
| 1.x.x | :x: |
Reporting a Vulnerability
We take security seriously. If you discover a security vulnerability in the Quality Gate plugin, please report it responsibly.
How to Report
- Do NOT create a public GitHub issue for security vulnerabilities
- Send an email to the repository owner through GitHub's private contact feature
- Or create a private security advisory
What to Include
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Response Timeline
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution Target: Within 30 days for critical issues
Security Considerations
This plugin handles access control for media files. When deploying:
- Keep Jellyfin Updated: Always run the latest stable version of Jellyfin
- Review Policies Regularly: Audit your quality gate policies periodically
- Limit Admin Access: Only trusted users should have plugin configuration access
- Monitor Logs: Check Jellyfin logs for any unusual Quality Gate activity
Acknowledgments
We appreciate responsible disclosure and will acknowledge security researchers who help improve this plugin's security.