Security

SECURITY.md

Security Policy

x-dms may handle sensitive data: X session cookies, proxy credentials, and private DMs.

Reporting a vulnerability

Do not open a public GitHub issue.

Instead, contact the maintainers privately (add/confirm your preferred contact method here):

Email: security@desearch.ai (example)
Or open a GitHub Security Advisory (preferred)

Secure-by-default requirements (for contributors)

Do not log cookies/auth headers
Redact secrets in any debug dumps
Recommend encryption at rest for secrets
Use least-privilege credentials
Validate inputs (avoid injection/SSRF via proxy settings, etc.)

There aren’t any published security advisories