| Version | Supported |
|---|---|
| 0.5.x-beta | Yes |
Do not open a public issue for security vulnerabilities.
Report privately via GitHub's Security Advisories, or contact the maintainer directly via their GitHub profile.
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested remediation (if any)
You will receive acknowledgement within 7 days. Critical vulnerabilities will be patched and released on priority.
PortPane runs as a standard user (asInvoker) with no elevated privileges.
It reads USB device state via WMI and the Windows Core Audio API.
It writes only to %LOCALAPPDATA%\ShackDesk\PortPane\ and the system clipboard.
- Issues in third-party NuGet dependencies (report to those upstream projects)
- Issues requiring physical access to the machine
If you believe the RSA license signing key has been compromised, contact the maintainer immediately via the reporting channel above. Key rotation procedure is documented in MAINTENANCE.md.