We currently support the following versions of Radarr Go with security updates:

| Version | Supported |
|---|---|
| main | ✅ |
| develop | ✅ |
| < 1.0 | ❌ |

We take security vulnerabilities seriously. Please follow these steps to report security issues:
- Do NOT create a public issue for security vulnerabilities
- Send an email to: [email protected] (replace with actual email)
- Include the following information:
  - Description of the vulnerability
  - Steps to reproduce the issue
  - Potential impact
  - Suggested fix (if you have one)
- Acknowledgment: We will acknowledge receipt of your report within 24 hours
- Investigation: We will investigate and validate the vulnerability within 72 hours
- Fix Timeline: Critical vulnerabilities will be patched within 7 days, others within 30 days
- Disclosure: We will coordinate with you on public disclosure timing

Radarr Go includes several security features:
- API Key Authentication: Optional API key protection for all endpoints
- Input Validation: All user inputs are validated and sanitized
- SQL Injection Protection: GORM ORM protects against SQL injection
- Dependency Scanning: Automated scanning with Gosec and Nancy
- Container Security: Non-root container execution
- CORS Protection: Configurable cross-origin resource sharing

When deploying Radarr Go:
- Use API Keys: Always enable API key authentication in production
- HTTPS: Use HTTPS in production environments
- Database Security: Use strong database passwords and restrict access
- Container Security: Run containers as non-root user
- Network Security: Restrict network access using firewalls
- Updates: Keep Radarr Go and dependencies updated
- Monitoring: Monitor logs for suspicious activity

This security policy applies to:
- Radarr Go application code
- Docker containers and images
- CI/CD pipeline security
- Dependencies and third-party libraries

The following are considered out of scope:
- Social engineering attacks
- Physical access to servers
- DDoS attacks
- Issues in third-party services (Docker Hub, GitHub, etc.)

We recognize security researchers who help improve Radarr Go security:

For security-related questions or concerns:
- Email: [email protected]
- PGP Key: [Link to public key]

Thank you for helping keep Radarr Go secure!