If you find a security issue in StarGear Scanner, please report it privately by email:
stargearx@proton.me
PGP is not required. Plain email is fine. Please include:
- a clear description of the issue,
- steps to reproduce,
- the version of StarGear Scanner you tested (see the About panel),
- your macOS version and hardware (Apple Silicon / Intel).
Please do not open a public GitHub issue for vulnerabilities until a fix is released.
Only the latest released version is supported with security fixes. Older versions will not receive backports.
We aim to acknowledge reports within 7 days and to publish a fix within 90 days of the initial report. After a fix ships, you are welcome to publish details of the issue.
StarGear Scanner is currently distributed as an ad hoc signed application.
- The app is not notarized by Apple.
- The author is not enrolled in the Apple Developer Program at this time.
- Gatekeeper will warn on first launch. The README documents the expected one-time bypass.
- The app does not auto-update. New releases must be downloaded manually from the official site or the GitHub releases page.
These limitations are intentional for the initial open source release and are tracked publicly.