Security: qdelettre/coe

SECURITY.md

Security Policy

Supported versions

Only the latest release is supported. There is no long-term-support line.

Reporting a vulnerability

Do NOT open a public issue for security reports.

Email quentin.delettre@pm.me with:

  • A description of the issue
  • Steps to reproduce, or a proof-of-concept
  • Affected version (commit SHA or tag)
  • Your name/handle if you'd like credit

You'll get an acknowledgment within 7 days. Expected timelines for a fix depend on severity:

  • Critical (arbitrary command execution via a hook/script, credential exposure): aim for 7 days
  • High (unexpected data exfiltration from a transcript or finding file): 30 days
  • Medium / low: best-effort

This is a solo-maintained project. Response times above are intentions, not guarantees.

Disclosure

Coordinated disclosure preferred. Once a fix lands, the issue is documented in the release notes. Credit given on request.

There aren't any published security advisories