| Version | Supported |
|---|---|
| 1.0.x | Yes |
| < 1.0 | No |
If you believe you have found a security issue in IDM Queue, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead:
- Email the maintainer via GitHub (use the Private vulnerability report feature on the repository if available), or open a minimal private advisory.
- Include a clear description, steps to reproduce, and impact assessment.
- Allow reasonable time for a fix before public disclosure.
- Affected version(s)
- Operating system
- Proof of concept or reproduction steps
- Any suggested mitigation
- Acknowledge receipt within a reasonable timeframe
- Investigate and prioritize based on severity
- Release a fix or mitigation when appropriate
- Credit reporters who wish to be acknowledged (unless you prefer anonymity)
IDM Queue:
- Launches Internet Download Manager (
IDMan.exe) with user-supplied URLs via subprocess - Fetches remote web pages and metadata over HTTP(S)
- Stores settings and history locally under
%USERPROFILE%\.idm-queue\ - Does not collect telemetry or send data to third-party servers
- Download releases only from official GitHub Releases
- Verify downloads using SHA256 checksums
- Scan unfamiliar executables with VirusTotal if desired
- Review URLs before sending them to IDM
- Vulnerabilities in Internet Download Manager itself (report to Tonec Inc.)
- Social engineering or phishing using download links
- Issues requiring physical access to an unlocked machine