Please do not open a public GitHub issue for security vulnerabilities.
Email security@forgemoss.com with:
- A description of the issue and its impact
- Steps to reproduce
- Affected version(s)
- Optional: a proposed fix
You'll receive an acknowledgement within 72 hours and a status update within 7 days. We'll work with you on disclosure timing — typically a coordinated release after a fix ships.
Snapora is pre-alpha. Once we ship v0.1, this section will list supported version ranges.
In-scope:
- The Snapora macOS application
- Code signing / update channel integrity
- Cloud-upload integrations bundled with Snapora
Out of scope:
- Third-party clouds you choose to upload to (S3, R2, etc.) — report to those vendors directly
- Vulnerabilities requiring a compromised macOS system