Security: ApertureViewer/Aperture-Viewer

.github/SECURITY.md

Security Policy

The Aperture Viewer Project is committed to ensuring the security and safety of our users and the integrity of the Second Life and OpenSimulator platforms. We take all security vulnerabilities seriously and appreciate the vital role that independent security researchers play in this ecosystem.

Supported Versions

Our development is high-velocity, and our resources are focused on the future. As such, we only provide security updates for the most recent official release of Aperture Viewer.

Version    Supported
Latest     Yes
Older      No

Reporting a Vulnerability

The primary and preferred method for reporting a security vulnerability is through GitHub's private vulnerability reporting feature.

This provides a secure, private channel directly to the project maintainers and allows us to track and remediate the issue within our development workflow.

We are committed to working with you to understand and resolve the issue. A high-quality report should include:

  • A clear and descriptive title and summary of the vulnerability.
  • The exact version number of Aperture Viewer that is affected.
  • A detailed, step-by-step procedure to reproduce the vulnerability.
  • A description of the potential impact of the vulnerability.
  • Any proof-of-concept code, screenshots, or logs that can help us understand the issue.

Our Commitment & Process

When you submit a private vulnerability report, we make the following commitments:

  1. We will make our best effort to provide a timely acknowledgement of your report's receipt (typically within 72 hours).
  2. We will conduct a thorough investigation and confirm the existence of the vulnerability.
  3. We will maintain an open line of communication with you through the advisory.
  4. We will take all necessary steps to remediate the confirmed vulnerability in a future release.

Upstream Coordination

If a vulnerability is discovered to be in an upstream codebase (i.e., the Linden Lab Viewer or the Firestorm Viewer), we will follow standard responsible disclosure practices by privately notifying and coordinating with the appropriate security teams.

Acknowledgements

We deeply value the work of security researchers. We are happy to provide public acknowledgement and credit to individuals who discover and responsibly disclose valid vulnerabilities to us. Thank you for helping us keep Aperture Viewer and its community safe.

There aren’t any published security advisories