Gorrent is actively developed. Security fixes are generally applied only to the latest stable release.
| Version | Supported |
|---|---|
| Latest release | ✅ |
| Previous major release | |
| Older releases | ❌ |
If you are running an older version, please upgrade before reporting a vulnerability.
If you believe you have found a security vulnerability in Gorrent, please do not open a public GitHub Issue.
Instead, report it privately by one of the following methods:
- GitHub Security Advisories (preferred): Security → Report a vulnerability
Please include as much information as possible:
- Gorrent version
- Operating system
- Configuration (if relevant)
- Steps to reproduce
- Proof-of-concept or exploit (if available)
- Impact assessment
After receiving a report, I will:
- Acknowledge receipt within 72 hours.
- Investigate and reproduce the issue.
- Work on a fix if the issue is confirmed.
- Coordinate responsible disclosure.
- Publish a patched release and security advisory when appropriate.
Examples of issues that are considered security vulnerabilities include:
- Remote Code Execution (RCE)
- Authentication or authorization bypass
- Privilege escalation
- Information disclosure
- Persistent denial of service caused by malformed APIs
- Memory corruption or unsafe parsing vulnerabilities in the search engine
The following generally are not considered security vulnerabilities:
- Crashes caused only by local users with filesystem access
- Missing TLS termination when running behind a reverse proxy
- Performance issues without security impact
- Feature requests
- Configuration mistakes made by users (e.g. running the dashboard on
0.0.0.0without settingREDB_DASHBOARD_USER/REDB_DASHBOARD_PASS)
Gorrent is intended to run inside trusted environments such as:
- Docker
- Kubernetes
- Internal infrastructure
- Edge deployments
- Home labs
Users deploying Gorrent directly on the public Internet are responsible for providing appropriate security controls such as:
- TLS
- Authentication
- Firewalls
- Reverse proxies
- Network isolation
Thank you for helping make Gorrent more secure.