If you find a security vulnerability in UsageBar, please report it responsibly. Do not open a public issue.

1. Go to this repository's Security Advisories page
2. Click "Report a vulnerability"
3. Fill in the details

This keeps the report private until a fix is released.

Send details to the project maintainer with the subject line "UsageBar Security Report".

• Description of the vulnerability
• Steps to reproduce
• Affected versions
• Impact assessment (what can an attacker do?)

• Acknowledgment within 48 hours
• Assessment and plan within 7 days
• Fix released as soon as practical, depending on severity

The following are in scope:

• The UsageBar desktop application
• Provider plugins shipped with UsageBar
• Build and release infrastructure

The following are out of scope:

• Third-party provider APIs (report to the provider directly)
• Social engineering attacks
• Denial of service attacks

Only the latest release is supported with security updates.