Skip to content

Security: Satan2049/idm-queue

Security

SECURITY.md

Security Policy

Supported versions

Version Supported
1.0.x Yes
< 1.0 No

Reporting a vulnerability

If you believe you have found a security issue in IDM Queue, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead:

  1. Email the maintainer via GitHub (use the Private vulnerability report feature on the repository if available), or open a minimal private advisory.
  2. Include a clear description, steps to reproduce, and impact assessment.
  3. Allow reasonable time for a fix before public disclosure.

What to include

  • Affected version(s)
  • Operating system
  • Proof of concept or reproduction steps
  • Any suggested mitigation

What we commit to

  • Acknowledge receipt within a reasonable timeframe
  • Investigate and prioritize based on severity
  • Release a fix or mitigation when appropriate
  • Credit reporters who wish to be acknowledged (unless you prefer anonymity)

Security considerations

IDM Queue:

  • Launches Internet Download Manager (IDMan.exe) with user-supplied URLs via subprocess
  • Fetches remote web pages and metadata over HTTP(S)
  • Stores settings and history locally under %USERPROFILE%\.idm-queue\
  • Does not collect telemetry or send data to third-party servers

Recommendations for users

Out of scope

  • Vulnerabilities in Internet Download Manager itself (report to Tonec Inc.)
  • Social engineering or phishing using download links
  • Issues requiring physical access to an unlocked machine

There aren't any published security advisories