We actively support the following versions of LRGEX Video Downloader:

We take security seriously. If you discover a security vulnerability, please follow these steps:

Security vulnerabilities should not be disclosed publicly until they have been addressed.

• Email: Create an issue with the title "SECURITY: [Brief Description]" and mark it as private
• Include: Detailed description, steps to reproduce, and potential impact

• Type of vulnerability
• Steps to reproduce
• Affected versions
• Potential impact assessment
• Suggested fix (if you have one)

• Initial response: Within 48 hours
• Status update: Within 1 week
• Fix deployment: Varies by severity (1-30 days)

• Only download content you have permission to download
• Be cautious with links from untrusted sources
• Verify link authenticity before processing

• Regularly review downloaded content
• Use antivirus software to scan downloaded files
• Keep your system and dependencies updated

• Don't share your links.txt file publicly
• Be aware that download logs may contain URLs
• Consider using VPN for additional privacy

• Downloads happen over public internet
• Some platforms may track download activity
• Consider network security implications

Our application relies on several third-party libraries:

• yt-dlp: Regularly updated, actively maintained
• requests: Widely used, security-focused
• mega.py: Community maintained

Recommendation: Keep dependencies updated by running uv sync regularly.

• Risk: Rate limiting, IP blocking
• Mitigation: Built-in retry logic, respectful request timing

• Risk: Link expiration, access restrictions
• Mitigation: Proper error handling, user notifications

• Only use executables from trusted sources
• Verify checksums when available
• Be cautious with executables from unknown contributors

# Verify integrity of dependencies
uv sync --locked

# Build with security considerations
pyinstaller --onefile --exclude-module=pathlib download_media.py

• Basic URL validation is performed
• Malicious URLs could potentially cause issues
• Mitigation: User education, safe browsing practices

• Application writes to local file system
• Potential for path traversal in filenames
• Mitigation: Filename sanitization implemented

• Application makes HTTP requests to external services
• DNS poisoning or man-in-the-middle attacks possible
• Mitigation: Use HTTPS when available, validate certificates

• All code changes require review
• Security implications are considered
• Dependencies are vetted before inclusion

• Regular dependency audits
• Prompt security updates
• Minimal dependency principle

• Sensitive information not logged
• Graceful failure handling
• User-friendly error messages

We follow responsible disclosure practices:

1. Security issues are fixed before public disclosure
2. Credit is given to security researchers (with permission)
3. Public advisories are issued for significant vulnerabilities

• Security updates are announced in release notes
• Critical vulnerabilities trigger immediate releases
• Users are notified through appropriate channels

Last Updated: May 27, 2025 Version: 1.0