Security updates are provided for the latest stable release only.
| Version | Supported |
|---|---|
| Latest stable release | ✅ |
| Older releases | ❌ |
Please do not report security vulnerabilities through public GitHub Issues, Discussions, or documentation comments.
Preferred reporting channel:
- Use GitHub Private Vulnerability Reporting for this repository if it is available in the repository's Security tab.
If private reporting is not available:
- Open a minimal public issue that only asks for a private contact channel.
- Do not include exploit details, proof-of-concept code, secrets, tokens, account data, or detailed reproduction steps in the public issue.
Please include the following in your report:
- A clear description of the vulnerability and the affected feature
- Steps to reproduce the issue
- Expected impact and any known limitations
- Browser, extension version, and environment details
- Any proposed mitigation or patch, if available
What you can expect after reporting:
- An initial acknowledgment within 72 hours
- Status updates at least every 7 days while the report is being reviewed
- If the report is accepted, a fix will be prepared and released as soon as reasonably possible
- If the report is declined, maintainers will explain why it is out of scope or does not meet the project's security bar
For general bugs, feature requests, and usage questions, please use GitHub Issues or GitHub Discussions instead of this process.