Currently, only the main branch is receiving security updates. If you are a user of Sadaqa Kiosk, please ensure you are always running the latest version from main or the latest tagged release.

Do not open up a GitHub issue if the bug is a security vulnerability. Instead, please responsibly disclose it by emailing the project maintainers directly (or the project owner Sidox-ops).

Please provide the following information when reporting the vulnerability:

• A description of the vulnerability.
• Steps to reproduce the issue.
• Any potential impact on users (especially concerning payment processing or SumUp SDK integration).

We aim to acknowledge all security reports within 48 hours and will keep you informed of our progress towards a fix.