| Version | Supported |
|---|---|
| 3.0.x | Yes |
| < 3.0 | No |

If you discover a security vulnerability, please report it responsibly:

- Do not open a public issue
- Email jamesyng79@gmail.com with:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
- You will receive an acknowledgment within 48 hours
- A fix will be prioritized based on severity

This project uses:

- CodeQL — static analysis on every push
- gitleaks — secret scanning on every push
- pip-audit — dependency vulnerability scanning
- Dependabot — automated dependency updates

The following are in scope for security reports:

- Code injection vulnerabilities
- Credential exposure
- Dependency vulnerabilities with known exploits
- Privilege escalation via hotkey or window management APIs

Out of scope:

- Denial of service
- Social engineering
- EVE Online EULA compliance (this is CCP's domain, not a security issue)