Security fixes are applied to the current release and the two most recent releases.
| Version | Status |
|---|---|
| v1.1.2 | ✅ Active support |
| v1.1.0 | ✅ Active support |
| < v1.0.x | ❌ Not supported |
As new versions are released, this table will be updated to reflect the current support window. Versions that fall outside the two-major-version window enter deprecated status and are acknowledged but no longer actively patched. Versions older than that are archived to cold storage. Retrieval of archived versions is available as a paid service — contact us at support@aetherassembly.org for details.
Please do not disclose security vulnerabilities in public issues.
Use GitHub private vulnerability reporting if enabled for this repository, or contact us through one of the following:
- Email: support@aetherassembly.org
- Contact form: https://forms.gle/T4i7GGzaT3HUrffm9
- Aster (GitHub): @Aster1630
- Ollie (GitHub): @OllieMochi
Please include in your report:
- A clear description of the issue
- Steps to reproduce
- Impact assessment
- Any suggested remediation or workaround
You can expect an initial acknowledgement within 7 days of receipt. After validation, the maintainers will work on a fix and coordinate disclosure timing as appropriate.
MindTab is a browser extension with no backend of its own. Relevant security areas include:
- Content script injection — any issue where a malicious page could abuse MindTab's content scripts
- Data leakage — any case where user text or browsing data is sent somewhere it shouldn't be
- XSS via DOM manipulation — the extension inserts UI into pages; any injection via user content or external filter list data
- Grammar server proxy — if you're running the optional self-hosted server, report proxy-level issues here too
Issues with the LanguageTool server itself should be reported upstream to the LanguageTool project.
- Bugs that require physical access to the device
- Self-XSS (the user deliberately injecting into their own session)
- Issues in browser internals or the browser extension API itself
General bugs, feature requests, and compatibility issues should be reported through the normal issue tracker.