Only the latest version on the main branch is actively maintained.
This is a fully static website with no server-side logic, no database, and no user authentication. The relevant attack surface is limited to:
- Supply-chain vulnerabilities in npm dependencies (monitored by Dependabot)
- GitHub Actions workflow security issues (e.g., script injection, compromised actions)
- Content Security Policy misconfiguration
Reports about the deployed website's content (typos, broken links, factual errors) are welcome as regular issues — they are not security vulnerabilities.
Do not report security vulnerabilities as public GitHub issues.
Please use GitHub's private Security Advisory feature:
- Go to the Security tab of this repository
- Click Report a vulnerability
- Fill in the details
You can also contact the maintainer directly at b.setz@rug.nl with [SECURITY] in the subject line.
I aim to acknowledge security reports within 72 hours and provide an initial assessment within 7 days.