| Version | Supported |
|---|---|
| 1.2.x | ✓ ✅ |
| 1.1.x | ✓ ✅ |
| < 1.1 | ✗ |
If you discover a security vulnerability within ShadowDocs, please send an email to security@shadowdocs.app.
All security vulnerabilities will be promptly addressed.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- API key exposure vulnerabilities
- Code injection risks
- Data privacy issues
- Authentication/authorization bypasses
- Social engineering attacks
- Physical security
- Denial of service (unless severe)
- Issues in third-party dependencies (report to maintainers)
- Acknowledge: 24-48 hours
- Initial assessment: 3-5 days
- Fix released: Based on severity
Security updates will be released as patch versions and announced on:
- GitHub Security Advisories
- npm security alerts
Do not open public issues for security vulnerabilities.