If you discover a security vulnerability in OpenDraft, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please use GitHub's private vulnerability reporting to submit your report.

We will:
- Acknowledge your report within 48 hours
- Investigate and provide an estimated timeline for a fix
- Credit you in the release notes (unless you prefer to remain anonymous)

This policy covers the OpenDraft application code in this repository:
- Frontend (React/TypeScript)
- Backend (Python/FastAPI)
- Desktop shell (Tauri/Rust)
- Collaboration server (Node.js)

| Version | Supported |
|---|---|
| Latest release | Yes |
| Older versions | No -- please upgrade |