We take the security of this project and its users very seriously. If you have discovered a security vulnerability in this project, we appreciate your help in disclosing it to us in a responsible manner.
Please do not report security vulnerabilities through public GitHub issues or discussions. Doing so makes the vulnerability public before we have a chance to fix it.
Instead, please send an email to: [wanheda.work@gmail.com]
- The nature of the vulnerability: (e.g., SSRF, XSS, insecure handling of credentials).
- Steps to reproduce: Clear instructions or a minimal code snippet.
- Affected versions: The version or commit hash where the issue exists.
- Impact: Why is this a risk?
- We will acknowledge your email within [2] days (e.g., 48 hours).
- We will work with you to understand the scope and reproduce the issue.
- We aim to fix confirmed vulnerabilities as quickly as possible.
- We kindly ask that you keep the details of the vulnerability private until we have released a fix.
We currently provide security updates for:
| Version | Supported |
|---|---|
main |
Yes |
v1.2 |
Yes |
We believe in open source, but we also believe in responsible disclosure. If you follow this process, we are happy to publicly acknowledge your contribution in our security advisories after the fix is deployed.
- Attacks against the infrastructure hosting the project (e.g., GitHub itself).
- Hypothetical security issues without a concrete proof-of-concept.
- Issues related to user-provided configuration that are documented as insecure (e.g., "don't run as root").
Last updated: June 2026