Security

SECURITY.md

Security Policy

Supported versions

This is a small project; only the latest commit on the default branch is supported.

Reporting a vulnerability

Please do not open a public issue for security vulnerabilities.

Instead, report privately to the maintainers:

Preferred: open a GitHub Security Advisory (if enabled for this repo)
Otherwise: open an issue with minimal details and request a private contact channel

When reporting, include:

What you found and impact
Steps to reproduce
Any logs/config snippets with all tokens removed

Secrets

Never share:

Discord bot tokens
Matrix access tokens
Discord webhook URLs (they contain tokens)

There aren't any published security advisories