If you discover a security vulnerability in FonteOS, please report it responsibly using GitHub's private vulnerability reporting.

Do not open a public issue for security vulnerabilities.

FonteOS is a static site and markdown vault structure. The primary security concerns are:
- Malicious content in contributed markdown or HTML
- Credential or secret exposure in pull requests
- Supply chain risks if dependencies are added in the future

We aim to acknowledge reports within 48 hours and provide a fix or mitigation plan within 7 days.