We are committed to the security of our products through following software development lifecycle (SDLC) best practices. Radio Mast validates and issues patches for vulnerabilities discovered by our internal QA testing, researchers, and our customers. RSAS is tested with a suite of automated integration tests, unit tests, and fuzzing.
To protect our users, details of security advisories are not made public until fixes are available. Customers are privately given advance notice of upcoming security advisories. Public disclosures are made via the rsas-announce mailing list and historical advisories are listed below.
Security advisories and release announcements are published to the rsas-announce mailing list.
Get email notifications for new RSAS releases and security advisories.
Visit or join the rsas-announce mailing list on Google Groups.
rsas-announce is our low-traffic mailing list for release announcements and security advisories. If you're running RSAS in production, we highly recommend joining.
We do not currently operate a bug bounty program for vulnerability reports, but reports are greatly appreciated and benefit the streaming audio community. Our policy is to credit researchers with public acknowledgement in release notes if responsible disclosure practices are followed.
To report a security issue, please contact us here.
When reporting a vulnerability, emails can be encrypted with our PGP key:
Last updated: Sun 31 March 2024