Only the latest release receives security updates.
If you discover a security vulnerability, do not open a public issue.
Instead, please report it privately:
- Email: badhope@noreply.gitcode.com
- Or use GitHub's Security Advisories feature
Include the following in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
You will receive a response within 72 hours. Please allow up to 30 days for a fix before public disclosure.
This project follows these security practices:
- All changes require Pull Request review before merging
- CI pipeline includes security scanning (CodeQL, dependency review)
- No secrets or credentials are committed to the repository
- Dependencies are kept up to date via Dependabot
This software is provided "as is" without warranty. The maintainer is not liable for any damages arising from the use of this software.