Only the latest released version receives security updates.

If you discover a security vulnerability in HushLog, please report it responsibly using GitHub's private vulnerability reporting.

Do not open a public issue for security vulnerabilities.

• A description of the vulnerability
• Steps to reproduce the issue
• The potential impact
• Any suggested fixes (optional)

• Acknowledgment: Within 48 hours of your report.
• Initial assessment: Within 5 business days.
• Fix and release: We aim to release a patch within 14 days of confirming the vulnerability, depending on severity and complexity.

We kindly ask that you:

• Allow us reasonable time to address the issue before public disclosure.
• Avoid exploiting the vulnerability beyond what is necessary to demonstrate it.
• Do not access or modify other users' data.

We appreciate your help in keeping HushLog and its users safe.