- Older versions that are no longer supported may contain known vulnerabilities that will not be patched. Always run the latest supported version to keep your bot secure.
- If you have forked this project and reuse a substantial portion of our code, we strongly advise keeping your fork in sync with upstream so that fixed bugs and vulnerabilities cannot be exploited against your copy. Staying updated also gives you the latest features and improvements.
We take the security of our Discord bot project seriously. If you discover a security issue, please report it responsibly by following these steps.
- Contact Us Privately:
- Email: AetherXdevs@outlook.com
- Subject Line: [Security Issue] [Bot Name]
- Include a clear description of the issue, steps to reproduce it, the potential impact, and the affected versions. A short video or proof-of-concept is welcome.
- What Happens Next:
- Acknowledgment: You will receive an acknowledgment within 24-72 hours of your report.
- Assessment: The issue will be reviewed and verified by our team.
- Resolution Timeline: Critical vulnerabilities will be prioritized, and a patch will be prepared as soon as possible.
- Updates: We will provide regular updates (at least every 7 days) on the status of your report.
- After the Fix:
- Once resolved, a patched version will be released.
- If you consent, we will credit your contribution in our public release notes.
- Token Security: If you find exposed bot tokens, API keys, or other credentials in the source code or commit history, notify us immediately and do not use or test the credential yourself. These reports are treated with the highest priority, and the credential will be rotated.
- Permissions: If you discover that the bot requests excessive permissions or uses privileges that could be misused, let us know.
- Responsible Disclosure: Avoid sharing details of the vulnerability publicly until a fix has been implemented.
We ask that you follow responsible disclosure practices:
- Do not exploit the vulnerability.
- Do not share the vulnerability publicly until a fix has been released.
- We will work with you to address the issue as quickly as possible.
By working together, we can ensure a safer experience for all users of the bot.
This policy applies to all instances of the bot running our publicly available source code. If you run a version of the bot yourself, keep the token out of the source tree (load it from an environment variable or a secrets manager), never commit it, and keep your dependencies up to date.
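As a concrete version of the token-hygiene advice above, here is a small self-check you can run before committing or at bot startup. It is an added example, not code from this project: it scans source files for strings shaped like a Discord bot token and refuses to start unless the token comes from the environment. The environment variable name (`DISCORD_TOKEN`), the file suffixes scanned, and the token pattern (three dot-separated base64url segments, the first beginning with `M` or `N`) are assumptions based on the commonly observed token shape, not an official specification; the sample source and token below are constructed for the demo.

```python
import os
import re
from pathlib import Path

# Assumed shape of a Discord bot token: <base64 bot id>.<6-char timestamp>.<hmac>.
# This is an approximation used for detection, not an official format definition.
TOKEN_RE = re.compile(
    r"(?<![A-Za-z0-9_-])[MN][A-Za-z0-9_-]{23,}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27,}(?![A-Za-z0-9_-])"
)

# Constructed sample source with a hardcoded (fake) token on line 3.
SAMPLE_SOURCE = """import discord
client = discord.Client(intents=discord.Intents.default())
client.run("MTAwMDAwMDAwMDAwMDAwMDAwMDA.GaBcDe.abcdefghijklmnopqrstuvwxyz1")  # leaked
"""


def redact(token: str) -> str:
    """Keep only the first segment (the encoded bot ID) so a finding can be
    reported without re-leaking the secret itself."""
    return token.split(".")[0] + ".***.***"


def find_tokens(text: str):
    """Return (line_number, redacted_token) for every token-shaped string in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            hits.append((lineno, redact(match.group(0))))
    return hits


def scan_tree(root, suffixes=(".py", ".js", ".ts", ".json", ".yml", ".yaml", ".md")):
    """Walk a directory and map each offending file to its redacted findings.
    .env files are included by name because they are a common leak vector."""
    findings = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.suffix not in suffixes and path.name != ".env":
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue
        hits = find_tokens(text)
        if hits:
            findings[str(path)] = hits
    return findings


def validate_token(value):
    """Return None if value looks like a bot token, otherwise a short reason."""
    value = (value or "").strip()
    if not value:
        return "empty"
    if not TOKEN_RE.fullmatch(value):
        return "does not look like a bot token"
    return None


def load_token(env=None, env_var="DISCORD_TOKEN"):
    """Load the token from the environment only (env_var is an assumed name).
    Refusing to fall back to a literal keeps the secret out of the source tree."""
    env = os.environ if env is None else env
    problem = validate_token(env.get(env_var))
    if problem:
        raise RuntimeError(f"{env_var} {problem}; set it in the environment, never in code")
    return env[env_var].strip()


if __name__ == "__main__":
    # Pre-commit style check over the current tree, then a startup-style load.
    for path, hits in scan_tree(".").items():
        for lineno, redacted in hits:
            print(f"{path}:{lineno}: token-shaped string {redacted}")
    print("sample source findings:", find_tokens(SAMPLE_SOURCE))
```

Run the scan in a pre-commit hook or CI step; a non-empty result should fail the check. At startup, call `load_token()` and let it raise rather than silently continuing with a placeholder, so a missing or malformed token is caught before the bot connects.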