| Version | Supported |
|---|---|
main (latest) |
✅ |
| Older releases | ❌ — please upgrade |
Please do NOT open a public GitHub issue for security vulnerabilities.
Report security vulnerabilities by emailing security@klixsoft.com with:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes (optional)
- Acknowledgement within 48 hours
- Status update within 7 days
- Fix timeline communicated once the issue is confirmed
- Credit in the release notes (if desired)
We take all security reports seriously and will respond as quickly as possible.
The following are in scope for security reports:
- Remote code execution
- Authentication / authorization bypass
- SQL injection or data exposure
- Cross-site scripting (XSS)
- Sensitive data leakage
- Dependency vulnerabilities with confirmed exploits
The following are out of scope:
- Social engineering attacks
- Physical security attacks
- Issues in third-party libraries without a direct exploit path in Worklyn
We accept reports in English.