We take security vulnerabilities seriously. If you discover a vulnerability, please do not open a public issue. Instead, follow these steps:
- Confidential Reporting: Send an email to [email protected] with the subject line: "Security Vulnerability Report."
- Provide Details: Include detailed information about the vulnerability:
- Description of the issue
- Steps to reproduce
- Potential impact
- Any relevant logs or screenshots
We are committed to responding to vulnerability reports promptly:
- Acknowledgment: Within 48 hours of receipt.
- Investigation: We will investigate the issue and provide feedback or ask for additional information.
- Resolution: Aim to release a fix within 7 days, depending on the complexity.
To protect our users, we request that you:
- Do Not Publicly Disclose: Refrain from sharing the vulnerability details publicly until we have released a fix.
- Coordinate Release: We may coordinate with you to release a joint statement or credit you in our release notes, if you wish.
The following components are within the scope of our security policy:
- Frontend Application: All Svelte code in this repository.
Out-of-scope items include:
- Third-Party Dependencies: Vulnerabilities in external libraries should be reported to their respective maintainers.
- User Environment Issues: Problems caused by user-specific configurations or environments.
We appreciate the efforts of security researchers and users who help us maintain the security of our project. Thank you for contributing to the safety and integrity of our application.
For any questions regarding this security policy, please contact us at [email protected].