Skip to content

Security: masarray/desonkupik

Security

SECURITY.md

Security Policy

Supported versions

Only the latest public release of DeSonKuPik is actively supported for security fixes.

See SUPPORTED-VERSIONS.md for the support policy.

Reporting a vulnerability

Please do not open a public issue for security vulnerabilities.

Use GitHub private vulnerability reporting if enabled, or contact the maintainer through the official project channels.

Include:

  • App version or commit SHA.
  • Operating system.
  • Whether it affects web, desktop, or both.
  • Steps to reproduce.
  • Expected and actual behavior.
  • Possible impact.

Scope

Security reports may include:

  • Unsafe file handling.
  • Unexpected network access.
  • Dangerous Electron behavior.
  • Dependency vulnerabilities with a practical exploit path.
  • Release artifact integrity concerns.

Out of scope

  • Generic dependency alerts without practical impact.
  • Social engineering against maintainers.
  • Issues requiring physical access to a user's machine.
  • Reports against unofficial forks or modified builds.

There aren't any published security advisories