Security fixes target the latest tagged release and the default branch. Users should run the latest release because process capture and recording validation fixes are not backported indefinitely.
Please report security issues privately through the GitHub security advisory flow.
If that form is unavailable, open an issue containing no vulnerability details and ask the maintainer to enable a private reporting channel.
Bottom is a read-only process lifecycle recorder. It should not terminate, suspend, inject into, or modify processes.
Trace mode starts only the command explicitly supplied after --; it does not act on unrelated processes or surviving descendants.
Process arguments, paths, user names, service units, and container identifiers can contain sensitive values. New files request owner-only access on Unix. Use repeated -redact values for exact text that must not reach the TUI, persistent recording, or Perfetto export. The default preserves exact event data and performs no rewriting.