This is a portfolio project. Security fixes are applied to the latest tagged
release and main only. Older tags are not maintained.
| Version | Supported |
|---|---|
| latest release | ✅ |
main |
✅ |
| older tags | ❌ |
Please report vulnerabilities privately via GitHub's Private vulnerability reporting: open the repository's Security tab → Report a vulnerability.
Please do not open a public issue for a suspected vulnerability.
When reporting, include where practical:
- affected version / commit,
- a minimal reproduction or proof of concept,
- the impact you observed.
This is maintained on a best-effort basis by a single author. Expect an initial acknowledgement within a few days. There is no paid bug-bounty program.
In scope: code in this repository.
Out of scope: third-party dependencies (report those upstream; runtime CVEs in
dependencies are tracked here via scheduled pip-audit and Dependabot), and
issues that require physical access to hardware the project talks to.
Repositories that intentionally expose services to hostile traffic (e.g. a honeypot) ship an expanded
SECURITY.mdcovering kill-switch, data retention, and PII-anonymization on top of this default. See that repo's own policy.