If you believe you’ve found a security vulnerability in HandBrake or our website (https://handbrake.fr) please use the "Report a vulnerability" button on the Security Tab above.
Contributors to this project are also available in #handbrake on Libera.chat IRC (irc://irc.libera.chat:6697/#handbrake). Please note, #handbrake and #handbrake-dev are public so details should only be send to contributors via private message.
We kindly ask that you use responsible disclosure practices when alerting us to any security related issues. This allows us time to investigate and take corrective action where necessary.
Our goal is to deal with any issues reported as quickly as possible. If you do not receive a direct response from us within 24 hours, please follow up with us as we may not have received the message.
HandBrake is a volunteer project and we are not funded. As such, we do not participate in bug bounty programs or pay out for bugs raised.
We accept bug reports (including security reports) for the following versions:
Version | Accepts Reports |
---|---|
git main (development) | ✅ |
1.9.x | ✅ |
Earlier Releases | ❌ |