Security

Report a vulnerability

SECURITY.md

Security Policy

Supported Versions

Version	Supported
0.1.x	✅

Reporting a Vulnerability

Do not open a public issue for security vulnerabilities.

Instead, please report security issues by:

Emailing the maintainers directly
Using GitHub's private vulnerability reporting

Include:

Description of the vulnerability
Steps to reproduce
Potential impact
Suggested fix (if any)

Response Timeline

Acknowledgment: Within 48 hours
Initial Assessment: Within 1 week
Resolution: Depends on severity

Scope

Security issues in:

Extension code (extension/src/)
Authentication/encryption logic
Data handling and storage
Network communications

Out of scope:

Third-party dependencies (report to their maintainers)
Research/documentation files

There aren't any published security advisories