Security: geeknik/citadel-browser

SECURITY.md

🔐 Security Policy

📦 Supported Versions

Version | Supported
0.1.0-Beta | ✅ Supported
<0.1.0-Alpha | ❌ Unsupported

Note: Only versions marked as “Supported” receive security updates. Users are encouraged to upgrade to the latest supported version to ensure security and stability.

🛡️ Reporting a Vulnerability

If you discover a security vulnerability in Citadel Browser, we appreciate your responsible disclosure. Please report it through one of the following methods:

🔒 GitHub’s Private Vulnerability Reporting
1. Navigate to the Citadel Browser GitHub repository.
2. Click on the Security tab.
3. Select Report a vulnerability to submit a private report directly to the maintainers.

This method ensures a confidential communication channel and is the preferred way to report vulnerabilities.

📧 Email
Alternatively, you can report vulnerabilities via email:
• Email: [email protected]
• PGP Key:

When reporting via email, please include:
• A detailed description of the vulnerability.
• Steps to reproduce the issue.
• Potential impact and any suggested mitigations.
• Any relevant logs or screenshots.

⏱️ Response Timeline

We aim to acknowledge and address security reports promptly:
• Acknowledgment: Within 2 business days.
• Initial assessment: Within 5 business days.
• Resolution: Depending on complexity, but we strive for a timely fix.

We will keep you informed throughout the process and may request additional information to aid in the investigation.

📢 Disclosure Policy

We follow a coordinated disclosure approach:
1. Validate the reported vulnerability.
2. Develop and test a fix.
3. Release the fix in a new version.
4. Publish a security advisory detailing the vulnerability and the fix.

We credit reporters in our advisories unless anonymity is requested.

🎯 Scope

This security policy applies to:
• The Citadel Browser application

Third-party plugins and extensions are outside the scope of this policy.

🤝 Acknowledgments

We value the contributions of the security community in keeping Citadel Browser secure. Thank you for your efforts in responsibly disclosing vulnerabilities.
