Do not open a public issue for security vulnerabilities.
If you discover a security vulnerability in HubDev, please report it through GitHub's private security advisory:
- A description of the vulnerability
- Steps to reproduce or a proof of concept
- The potential impact
- Your operating system and HubDev version
- We will acknowledge your report within 48 hours
- We will provide an initial assessment and expected timeline for a fix
- We will notify you when the vulnerability has been resolved
This policy covers the HubDev desktop application across all supported platforms (Windows, macOS, Linux), including service management, site linking, and tunnel features.
Thank you for helping keep HubDev and its users safe.