Security updates are provided for the latest version of this project only. Older versions are not maintained and may contain unpatched vulnerabilities.
If you believe you have discovered a security vulnerability, please report it responsibly.
Do not disclose security vulnerabilities publicly via GitHub issues or discussions.
Instead, contact the maintainer directly:
Please include the following information where possible:
- A clear description of the issue
- Steps to reproduce the vulnerability
- Potential impact and severity
- Any suggested mitigations or fixes
- Acknowledgement within 72 hours
- Initial assessment within 7 days
- Remediation timeline will depend on severity and complexity
- Vulnerabilities should not be publicly disclosed until a fix has been released
- Coordinated disclosure is preferred
- Credit may be given to reporters at the maintainer’s discretion
This policy applies to the core application and any officially maintained components of this repository.
Third-party dependencies are out of scope but may be addressed through upstream fixes where applicable.
While best efforts are made to follow secure development practices, this software is provided "as is" without warranty of any kind.
Users are responsible for deploying and configuring the software securely in their own environments.