Skip to content

Security: LabOverWire/stitch

Security

Report a vulnerability

.github/SECURITY.md

Security policy

Supported versions

Only the latest 0.x release line of @laboverwire/stitch receives security fixes. Pin a version and upgrade when advisories are published.

Reporting a vulnerability

Please report security issues privately via GitHub Security Advisories:

https://github.com/LabOverWire/stitch/security/advisories/new

Do not open public issues, discussions, or pull requests for vulnerabilities.

When you report, include:

  • Affected version(s) and environment (browser, Node, MQTT broker)
  • A minimal reproduction or proof-of-concept
  • Impact assessment (data exposure, auth bypass, persistence corruption, etc.)

You should expect an initial response within a few business days. Coordinated disclosure timelines are agreed case by case.

There aren’t any published security advisories