Skip to content

Security: genereda/scrnr

Security

SECURITY.md

Security Policy

Reporting a vulnerability

If you discover a security issue in scrnr, please report it through GitHub Security Advisories.

Do not open a public issue for security vulnerabilities.

You should receive an initial response within a few days. If the vulnerability is confirmed, a fix will be prioritized and released as soon as practical.

Scope

scrnr runs as an unprivileged user-space application with no sandbox, no network access, and no entitlements. It interacts with:

  • CoreGraphics display configuration APIs
  • IOKit framebuffer interfaces (Intel only)
  • SkyLight private framework for rotation
  • UserDefaults for storing recent resolutions

The most relevant security surface is the use of dlopen/dlsym to load private framework symbols at runtime.

Supported versions

Only the latest release is supported with security fixes.

There aren't any published security advisories