Security: Lesterhr/TaskWidget-for-Notion

SECURITY.md

Security Policy

Supported Versions

Only the latest release is actively maintained and receives security fixes.

Version   Supported
Latest    Yes
Older     No

Reporting a Vulnerability

Please do not open a public GitHub Issue for security vulnerabilities.

Instead, report them privately via a GitHub Security Advisory. You will receive a response within 7 days. Please include:

  • A clear description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any suggested remediation (optional)

Scope

This is a local desktop application (Windows). The relevant attack surface includes:

  • API key handling — the Notion integration token is stored in the Windows Credential Manager and never written to disk in plain text.
  • Network requests — the app communicates only with https://api.notion.com. No other outbound connections are made.
  • Tauri IPC — only explicitly declared commands (get_api_secret, set_api_secret) are exposed to the frontend.

Out of Scope

  • Vulnerabilities in Notion's own API or infrastructure.
  • Issues requiring physical access to the machine.
