If you discover a security vulnerability in resolve-linux, please do not open a public GitHub issue.
Instead, please report it responsibly by:
- Email — Send details to the repository maintainer with "SECURITY:" in the subject line
- Include details:
  - Description of the vulnerability
  - Steps to reproduce (if applicable)
  - Potential impact
  - Suggested fix (if available)
- Allow time for patching — We will:
  - Acknowledge receipt within 48 hours
  - Work on a fix privately
  - Prepare a security advisory
  - Release a patch version
  - Credit the reporter (if desired)
| Version | Status | Support |
|---|---|---|
| 1.x | Current | Receives security updates |
| < 1.0 | Legacy | Best effort |
What resolve-linux does:
- Executes FFmpeg on local files
- Creates output directories
- Writes temporary files to /tmp (cleaned on exit)
- Does not connect to the internet
What resolve-linux does not do:
- Execute untrusted code
- Modify system files
- Require elevated privileges
- Handle network streams or remote files
When using resolve-linux:
- Validate input — Only process media from trusted sources
- Check disk space — Ensure sufficient free space before conversion
- Monitor processes — DNxHR conversion uses significant CPU/disk I/O
- Update ffmpeg — Keep your FFmpeg installation current for codec security patches
- Protect output — Restrict access to output directories if containing sensitive content
This script depends on:
- ffmpeg — regularly updated with security patches
- bash — ensure your system bash is current
- Standard POSIX utilities — find, awk, sed, etc.
Keep these dependencies updated for security.
Thank you for helping keep resolve-linux secure!