Do not open a public GitHub issue for security vulnerabilities.
If you discover a security issue in a Fynes Forge project, please report it responsibly:
- Email tf.dev@icloud.com with the subject line: `[SECURITY] <repo-name> — <short description>`
- Include: a description of the vulnerability, steps to reproduce, and the potential impact
- You will receive a response within 5 business days
We will work with you to understand and resolve the issue before any public disclosure.
| Version | Supported |
|---|---|
| Latest release | ✅ |
| Previous minor | ✅ security fixes only |
| Older | ❌ |
The following are considered in-scope:
- Remote code execution
- Authentication / authorisation bypass
- Sensitive data exposure (credentials, secrets)
- Dependency vulnerabilities with a known exploit
The following are out of scope:
- Issues requiring physical access to a machine
- Social engineering
- Issues in dependencies that have no available fix