If you discover a security vulnerability, please report it through GitHub Security Advisories.

Please do not open a public issue for security vulnerabilities.

We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues.

kithara handles HTTP networking, HLS streaming, and AES-128-CBC decryption. We take security seriously and recommend:

• Keeping dependencies up to date
• Using the latest supported version
• Reviewing the RustSec Advisory Database for known vulnerabilities in dependencies