We release patches for security vulnerabilities. Which versions are eligible for receiving such patches depends on the CVSS v3.0 Rating:

The Markdown Notes team and community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab.

The team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

When using Markdown Notes:

• Keep your browser up to date
• Be cautious when importing markdown files from untrusted sources
• Regularly clear your browser's local storage if you're on a shared computer
• Report any suspicious behavior or potential security issues

This security policy applies to:

• The main Markdown Notes application
• All official deployment methods
• Dependencies and third-party integrations

Thank you for helping keep Markdown Notes and our users safe!