Security

We are committed to the security of our products through following software development lifecycle (SDLC) best practices. Radio Mast validates and issues patches for vulnerabilities discovered by our internal QA testing, researchers, and our customers. RSAS is tested with a suite of automated integration tests, unit tests, and fuzzing.

To protect our users, details of security advisories are not made public until fixes are available. Customers are privately given advance notice of upcoming security advisories. Public disclosures are made via the rsas-announce mailing list and historical advisories are listed below.

Security Advisories

March 30, 2024 - XZ Utils / liblzma SSH backdoor status - unaffected

Stay up-to-date

Security advisories and release announcements are published to the rsas-announce mailing list.

Get email notifications for new RSAS releases and security advisories.

Visit or join the rsas-announce mailing list on Google Groups.

rsas-announce is our low-traffic mailing list for release announcements and security advisories. If you're running RSAS in production, we highly recommend joining.

Reporting a Vulnerability

We do not currently operate a bug bounty program for vulnerability reports, but reports are greatly appreciated and benefit the streaming audio community. Our policy is to credit researchers with public acknowledgement in release notes if responsible disclosure practices are followed.

To report a security issue, please contact us here.

When reporting a vulnerability, emails can be encrypted with our PGP key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFMbQTgBEADBohI37rOC4euCR4VpWa9OuU3cU9fhFPNtZSAH/xqY1tmbpHGS
rPJVG/2LH6AOlE2HmOMe3Le8+t6rV+/O4X5290yiN/Tt1mUa2Cgh4bkb9bnQuKaE
nPDt0OVUwM78KwtyOV4Nz3zPwFkhtsBoy8Ehqor8KdR/2fNPdPYKX5yTnqhcTUT3
xji//IzprHFJAw7tYyNhlqNpGzAxjkZroWjQFl+05CSi761STyz71NH4jd55q3Qa
0cIZFRvgBFxrQzPrLPJVj28bDzmo/yW+zyfqgMnLANVnTfFn+SrCqFgLqW824v2F
2gRqj79jKCmn4c2qq6ZijRjAwdkPSx23ggV9J8YMXqSLfx9gP6N+dVmajXUHPGN7
1aqz6W1mI/vvzskmyktwvhla2d3JlXINPt2t7oAZvpN6Y2EBka3Jgv55NZw+peGz
b54bww/i4A/9usm/O2OkjqSN/t6UxkpVsOj5+MvatpZJdQ16eTHJ7AqBgh4UJH3V
0B0bVJhDSq6XTd44RNZK5a0tlK0t0zhKmaCcsDOOvNuWc+Upz1cdKxBe5g5ZgX2W
2XdjR2UXlbzKkaPV6KKSNUPKRU+njtCZfQnHLD3gkExzzECvKYjDsk9PM71GytuJ
HkSW+QpwN9oi9IqfIQkTIKLk57mVrfeU1yx6FMmSUbSfYvR4so1+n9b8DwARAQAB
tCVrZXliYXNlLmlvL2FsYmVydCA8YWxiZXJ0QGtleWJhc2UuaW8+iQItBBMBCgAX
BQJTG0E4AhsvAwsJBwMVCggCHgECF4AACgkQhEQkNnuSJGVfgA/+OMhWr+HU1WcK
28vdMOmvEUgaQ2XyB76Xt23iyjGIQ6W/1qI+m+IhF7hhY1Dq3cMNYD40yRoDS1uc
qL9voC0ALHXSU1/pXobIe6FMG+B/gMWB1BKU8BrqAuJDMaeiqvxy4mgObzUIDvFa
gHTDIteDMkwZvCTtpaQrQikOORk5HeyY1zmlh4O0JIUtZoGe5r7XJls0j3GCVayD
p21c+Yyx3xQ/eRWKBEATWrzTOurRh6BJqdYS1BFKLwQFgAtXcLeSrK45PG+dnF3+
sosR4EToK/CX/5dADaqsNj8+Nq/DXjd6tFuJwb4IOn2ySVWgWHvvEQwkpCCpqkmh
ufkVdpW5mieApBg43mYHO/W2HvoEyIn5ZmHa4Sn3NaCOtsjwXeF0A2nL1L75jmnK
10acggfxJV5IdGKcsPXkIivZZleXP9HpmNpJv8aoV56LiuHnsPXU/rNKjm45goor
qFhM9OoaV32BDwVkg3MhIf23Y4GgRY7QbNmVFzKWEEt6IzESDfhV40HY2NnGhQ0t
/iEzQ217gDAaDEcZ/bcGs8lGEjLZ4dMukCpCKo7OFYAvlToUMWWQDLblkEIr53S0
k3I5MlDplsVcP2vnCGYBUOiOppB23Z+/b1lNjrgF9DQ4OdFkppemVb7WIgpBXbCC
Fru3yYKDEa8Ohns9NySenCOyYgoIeQG5AQ0EUxtBOAEIANnQK9POHcVjETOGRJli
fdpRGnCPN1rtDUheSdvukowmzomO8b+KbKECgWIMtdojUN2VECu+yDEe6F34Yo8Z
+GB9/UpCerUt1vMY9M700NvQIJumiomtDFRI2Kf+XSnSwF/VpxsDkWWFdQ2e8GhL
TgTRPwRytFmth69/cBzyeDjBtnjtiV8PLfNnNTX4+O1CHJb7kIVuD8QaHm+sx7Xu
GeTRLquwJtTPtxqObjirxbrWVKNDkpIdKBHa4K7uEVlHpHUei790i7Rgyax8246C
qEuabRoMAwUvFLpiQRflYtjzoHoTevA7cEJN3wzLb8sk8XUdWNAWYbAgAt7v85VE
SOcAEQEAAYkDRAQYAQoADwUCUxtBOAUJDwmcAAIbLgEpCRCERCQ2e5IkZcBdIAQZ
AQoABgUCUxtBOAAKCRA/mVEiLUAwmA1zCAC9drhxnva8wNvDiIbiZb47s9loKl3S
RAxPKyd5IAGZw+leMX+poxN3E/e+wzkwCM1A3CalHhHmOCBKDDO1Z/G7yWGB/C4+
1dso1lcviUBwOjH7SnFrLhoCGWtX56di21kH36aOAudYnZ44/W/WOrozlG6/A1B5
8V3mSav4zAIAm7oWGNNFhSW2EV9GYfoLMO//sdzXoA+cVcUkEeY1NFycGDExO3iB
nTB8qyO5CWoOjqBtU6+/jJXM1WYe0Nbti493O7G3yORbCx3FTob9JUFT1br1ifMU
JfUy7LTgvhUUPEZO2EiQB1p10oEPwomCA7dVlN+eFHFlasTPiuQVue6/HYoP/0M0
VvvzAKvoNLI/7/vEmDB5UfAONJsLb0XNRJAyR7bc7vC5kpDxIdY+hk4AASJKHegK
dvdidhb30QrjxjhxwLvohGpKE2o6m/YBt/0brDbnzOdyxHZtDlyv63xXub4futBp
v7cAVsdwYGPelb/mVInbhTS+Q5SDqAwQzhxmqe75xEvT8YY4XQZcmha+WCZZIWeo
DRSAE8d67pgmjaqIJmlFINWGA0rVJvywjTqdkz9GfdZ+qj3ISFF3/48II0G8HRhG
9AsZX2AibF9TLbSd7N42tTOy/3SmxSnfdZocpB+HTHrItMskT+QRDe6WlCWQTHka
hBItWxfWbjGX4Lm/Pd+wK3L3oaAJ11j8ytn8ZfboC5PatOZaO8vyKIXNZDqFoPMZ
2vvNez2igmRF+3ojMkpsXfbw1SAl+cgSup0Jldp9O/ZwXOrL/WRmxQHyIIt+I4/9
jNbwpE6JIHR+NiyQP3NykndZ6PTcBuHZl2BvRxytaj2BjHHjZlL1cWF9BEEK60QG
Nutr8Z2qI/fP57XGcUDtNProdmCRFxKqoH8KhPr0TfFf1pOQxZcMJOcQmT8ViMBX
Q0pPF9ORBf7xswgrrs2w9JBih6BYCZ0LQaHUHMLuEycmYbMY5GH74ubW9f/N0CxT
sh38loH4ugbKupe33Ni8mBFcygZQxrETecBDD+EK
=peTk
-----END PGP PUBLIC KEY BLOCK-----

Last updated: Sun 31 March 2024