Only the latest tagged release receives security updates.
| Version | Supported |
|---|---|
| latest | Yes |
| older | No |
Please report vulnerabilities privately via GitHub Security Advisories:
https://github.com/ByteWorthyLLC/outbreaktinder/security/advisories/new
Or by email to: Richardskef@gmail.com
Do not open public issues for vulnerability reports.
- Acknowledgment: within 48 hours of receipt
- Initial assessment: within 7 days
- Fix or mitigation: depends on severity; coordinated disclosure preferred
In scope:
- Cross-site scripting (XSS) in rendered pages
- Build-time arbitrary code execution
- Dependency vulnerabilities affecting production builds
- Supply chain risks in published packages
Out of scope:
- Reports requiring physical access to the user's device
- Self-XSS without realistic attack vector
- Theoretical issues without proof of concept
- Vulnerabilities in third-party services (report to those services directly)
Reporters will be credited in the release notes unless they request anonymity.