| Version | Supported |
|---|---|
| 3.10.x | ✅ |
| < 3.10 | ❌ |
If you discover a security vulnerability in icalPal, please report it responsibly:
- Do not create a public GitHub issue for security vulnerabilities
- Email security reports to: security@corp.mlfs.org
- Include "SECURITY" in the subject line
- Provide detailed information about the vulnerability
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if available)
- Your contact information
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution: Varies based on complexity
- We will acknowledge receipt of your report
- We will investigate and validate the vulnerability
- We will develop and test a fix
- We will coordinate disclosure timing with you
- We will credit you in the security advisory (unless you prefer anonymity)
icalPal requires access to macOS Calendar and Reminders databases. Users should:
- Only run icalPal from trusted sources
- Be aware that "Full Disk Access" permissions are required
- Regularly review applications with database access
- icalPal processes local calendar data only
- No data is transmitted to external services
- Database files should be protected with appropriate file permissions
For security-related questions: security@corp.mlfs.org