Owncast appreciates efforts to improve the security of the software and follow the GitHub coordinated disclosure of security vulnerabilities for responsible disclosure and prompt mitigation.
The latest version of Owncast is seen as the supported version. As a small project we are unable to support previous versions and urge users of the software to stay up to date.
To report a security issue with Owncast, open an issue on the Owncast GitHub repository and do not mention vulnerability details in the issue. If you have a preferred next step on where to discuss the details of the disclosure, please mention that in the issue if it's appropriate for those details to be public.
You may optionally email Gabe to alert him directly and provide specifics on how you wish to disclose the details of the issue.
Owncast may open a draft GitHub Security Advisory to discuss the vulnerability details in private if it is warranted.