Skip to content

Security: klixsoft/worklyn

SECURITY.md

Security Policy

Supported Versions

Version Supported
main (latest)
Older releases ❌ — please upgrade

Reporting a Vulnerability

Please do NOT open a public GitHub issue for security vulnerabilities.

Report security vulnerabilities by emailing security@klixsoft.com with:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Any suggested fixes (optional)

What to expect

  • Acknowledgement within 48 hours
  • Status update within 7 days
  • Fix timeline communicated once the issue is confirmed
  • Credit in the release notes (if desired)

We take all security reports seriously and will respond as quickly as possible.

Scope

The following are in scope for security reports:

  • Remote code execution
  • Authentication / authorization bypass
  • SQL injection or data exposure
  • Cross-site scripting (XSS)
  • Sensitive data leakage
  • Dependency vulnerabilities with confirmed exploits

The following are out of scope:

  • Social engineering attacks
  • Physical security attacks
  • Issues in third-party libraries without a direct exploit path in Worklyn

Preferred Languages

We accept reports in English.

There aren't any published security advisories