We provide security updates for the following versions:

If you discover a security vulnerability in GCRecomp, please do not open a public issue. Instead, please report it privately using one of the following methods:

Open a GitHub Security Advisory (if you have access) or email the maintainers directly.

We aim to:

• Acknowledge receipt of your report within 48 hours
• Provide an initial assessment within 7 days
• Keep you informed of our progress
• Release a fix within 30 days (depending on severity)

Please include the following information in your report:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)
• Your contact information (optional, for follow-up questions)

We follow a coordinated disclosure process:

1. We will work with you to understand and resolve the issue
2. We will not disclose the vulnerability until a fix is available
3. We will credit you in the security advisory (unless you prefer to remain anonymous)
4. We will publish the fix and advisory together

When using GCRecomp:

• Only process DOL files from legally owned physical discs
• Do not distribute recompiled binaries without proper authorization
• Keep your Rust toolchain and dependencies up to date
• Review generated code before execution
• Report suspicious behavior or potential vulnerabilities

• Security vulnerabilities in GCRecomp's codebase
• Issues that could lead to code execution, data corruption, or unauthorized access
• Vulnerabilities in dependencies that affect GCRecomp

• Issues in recompiled game code (these are the user's responsibility)
• Issues requiring physical access to your machine
• Social engineering attacks
• Denial of service attacks that don't compromise security

We appreciate responsible disclosure and will acknowledge security researchers who help improve GCRecomp's security. Contributors will be credited in security advisories (unless they prefer to remain anonymous).

Thank you for helping keep GCRecomp secure!