Only the latest public release of DeSonKuPik is actively supported for security fixes.
See SUPPORTED-VERSIONS.md for the support policy.
Please do not open a public issue for security vulnerabilities.
Use GitHub private vulnerability reporting if enabled, or contact the maintainer through the official project channels.
Include:
- App version or commit SHA.
- Operating system.
- Whether it affects web, desktop, or both.
- Steps to reproduce.
- Expected and actual behavior.
- Possible impact.
Security reports may include:
- Unsafe file handling.
- Unexpected network access.
- Dangerous Electron behavior.
- Dependency vulnerabilities with a practical exploit path.
- Release artifact integrity concerns.
- Generic dependency alerts without practical impact.
- Social engineering against maintainers.
- Issues requiring physical access to a user's machine.
- Reports against unofficial forks or modified builds.