We generally support the latest release of the single-file app (index-Release-x.y.z-YYYYMMDD.htm). Please update to the newest release before filing a report.

• Use GitHub private reporting: repo → Security → Report a vulnerability (creates a private advisory).
• Include reproduction steps, affected browsers/OS, and the exact app filename tested.

We aim to acknowledge within 3–5 business days and propose a remediation plan shortly after.

Client-side single-file app: browser permissions, microphone handling, local memory/cache.

• Third-party browser bugs (report to browser vendors)
• Issues requiring privileged/local system access without user interaction