Security

SECURITY.md

Security Policy

Supported Versions

Security fixes are applied to the latest main branch.

Reporting a Vulnerability

Please do not open public issues for sensitive vulnerabilities.

Use one of these options:

GitHub Security Advisory (preferred)
Private maintainer contact channel

When reporting, include:

Affected component and version
Reproduction steps
Impact and suggested mitigation

Scope

This project is a client application. Typical risk areas:

API key handling and storage
Insecure endpoint usage in Web/PWA (HTTP vs HTTPS)
CORS misconfiguration guidance

There aren't any published security advisories