The latest released version is supported with security updates.
Because this tool is local-first and does not operate a hosted service, the security surface area is limited primarily to dependency vulnerabilities and local configuration issues.
If you discover a security vulnerability, please do not open a public GitHub issue.
Instead, report it privately by:
- Contacting the repository owner via GitHub, or
- Using GitHub’s private security advisory feature (if enabled)
Please include:
- A clear description of the issue
- Steps to reproduce (if applicable)
- Potential impact
You will receive an acknowledgment within a reasonable timeframe.
In scope:
- Dependency vulnerabilities
- Insecure handling of credentials
- Data corruption or integrity issues
Out of scope:
- Issues caused by compromised local machines
- Exchange-side API issues
- User misconfiguration or misuse