Skip to content

Security: div197/BOB-Youtube

Security

SECURITY.md

Security Policy

BOB YouTube 0.1 is ready for local/private Docker developer use. It is not a public multi-tenant SaaS boundary by itself.

Read the full model in:

docs/SECURITY.md

Reporting Security Issues

Please do not open public issues with secrets, exploit details, private URLs, cookies, or downloaded media.

Use the public contact path from ABCsteps:

https://abcsteps.com/contact/

Important Boundaries

  • Use BOB_YOUTUBE_API_TOKEN for any shared or networked API deployment.
  • Bind to 127.0.0.1 for local-only integrations.
  • Never commit cookies, .env, browser profiles, or downloaded media.
  • Do not expose the advanced raw lane to unknown users without another authorization and policy layer.

There aren't any published security advisories