| Version | Supported |
|---|---|
| 1.1.x | ✅ |
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take security seriously. If you discover a security vulnerability in Notolog, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please report security vulnerabilities by emailing the maintainers directly or using GitHub's private vulnerability reporting feature:

- Go to the Security tab of the repository
- Click "Report a vulnerability"
- Provide detailed information about the vulnerability:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution Target: Within 30 days (depending on severity)

- We will acknowledge receipt of your report
- We will investigate and validate the issue
- We will work on a fix
- We will coordinate disclosure with you
- We will credit you in the release notes (unless you prefer anonymity)

- Use strong, unique passwords for encrypted files
- Notolog uses AES-128 encryption with PBKDF2 key derivation (768,000 iterations)
- There is no password recovery - keep secure backups

- Store OpenAI API keys securely
- API keys are encrypted in local storage
- Never share your API key

- Only download models from trusted sources
- Verify model checksums when available

| Property | Value |
|---|---|
| Algorithm | AES-128 CBC (Fernet) |
| Key Derivation | PBKDF2HMAC with SHA-256 |
| Iterations | 768,000 |
| Salt | 32 bytes, cryptographically random |
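
The parameters in the table above, wired together with the Python `cryptography` package as an added example (this is not Notolog's own code). The function names and the `salt || token` container layout are assumptions of the example.

```python
import base64
import os

from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

ITERATIONS = 768_000  # iteration count from the table
SALT_LEN = 32         # salt size in bytes from the table


def derive_fernet_key(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 -> 32 raw bytes -> url-safe base64 (the form Fernet expects).

    Fernet splits the 32 bytes into a 16-byte HMAC-SHA256 signing key and a
    16-byte AES key, which is why the cipher is AES-128 and not AES-256.
    """
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32,
                     salt=salt, iterations=ITERATIONS)
    return base64.urlsafe_b64encode(kdf.derive(password.encode("utf-8")))


def encrypt(password: str, plaintext: bytes) -> bytes:
    """Return salt || Fernet token (layout assumed for this example)."""
    salt = os.urandom(SALT_LEN)  # fresh random salt for every encryption
    token = Fernet(derive_fernet_key(password, salt)).encrypt(plaintext)
    return salt + token


def decrypt(password: str, blob: bytes) -> bytes:
    """Re-derive the key from the stored salt; Fernet checks the HMAC first."""
    salt, token = blob[:SALT_LEN], blob[SALT_LEN:]
    return Fernet(derive_fernet_key(password, salt)).decrypt(token)


def wrong_password_rejected(blob: bytes, guess: str) -> bool:
    """A wrong password fails authentication instead of yielding garbage."""
    try:
        decrypt(guess, blob)
    except InvalidToken:
        return True
    return False


if __name__ == "__main__":
    blob = encrypt("correct horse battery staple", b"constructed sample note")
    print(decrypt("correct horse battery staple", blob))
    print("wrong password rejected:", wrong_password_rejected(blob, "hunter2"))
```

The salt is not secret and has to be stored with the ciphertext; the password is the only secret, which is why a lost password cannot be recovered.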

- Settings are stored locally using Qt's QSettings
- Sensitive settings (API keys) are encrypted
- No data is sent to external servers except when using cloud AI APIs

We thank all security researchers who responsibly disclose vulnerabilities.

Last updated: January 2026