We provide security patches only for the latest stable release of Foliary. To ensure you have the most recent security fixes, we recommend always staying up to date with the latest version.

If you discover a security vulnerability, please do not open a public issue. Reporting publicly creates a "zero-day" risk for all users.

Please use the GitHub Private Vulnerability Reporting feature. This is the most secure and efficient way for us to track and resolve the issue.

If you are unable to use GitHub's reporting tool, you can contact us directly at: engineering@appoutlet.dev

To help us triage and patch the issue quickly, please include:

• A descriptive title and a summary of the vulnerability.
• The specific version of Foliary where the issue was found.
• Steps to reproduce (or a proof-of-concept script).
• Potential impact (e.g., unauthorized data access, CI/CD secret leakage).

We will acknowledge receipt of your report within 48 hours. We will keep you updated on our progress as we work toward a resolution and will credit you for the discovery once the vulnerability is patched.

Thank you for helping us keep Foliary secure!