The Super Sonic X project takes security seriously. If you discover any vulnerabilities, please bring them to our attention right away!

Please DO NOT file a public issue to report a security vulberability, instead send your report privately to legendarydood@gmail.com. This will help ensure that any vulnerabilities that are found can be disclosed responsibly to any affected parties.

Include the following information:

1. Vulnerability description

   • What did you observe, and why is it a concern?

2. Steps to reproduce

   • Clear, step-by-step instructions
   • Include specific configurations or inputs required

3. System and environment details

   • OS version
   • ssX version or commit hash
   • Display manager, drivers, or hardware specifics

4. Supporting data

   • Logs (in plain text)
   • Core dumps (if available and safe to share)

5. Impact analysis (if known)

   • Potential for remote or local exploitation
   • Possible consequences (e.g. data exposure, privilege escalation, denial-of-service)

Please allow us ample time to validate and patch the issue before disclosing it publicly.

Feel free to privately message HaplessIdiot if the issue is of extreme importance.

We will get back to you as soon as possible.

Project versions that are currently being supported with security updates vary per project. Please see specific project repositories for details. If nothing is specified, only the latest major versions are supported.

We appreciate your help in keeping ssX safe for everyone. Let’s build something resilient, secure, and sonic.