We currently support the following versions with security updates:

If you discover a security vulnerability in Scheemer, please report it by emailing the maintainers or opening a private security advisory on GitHub.

Please do not report security vulnerabilities through public GitHub issues.

• Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
• Full paths of source file(s) related to the issue
• Location of the affected source code (tag/branch/commit or direct URL)
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit it

• Acknowledgment of your report within 48 hours
• Regular updates on the progress of addressing the vulnerability
• Notification when the vulnerability is fixed

When using Scheemer:

• Keep dependencies up to date by following Dependabot alerts
• Review exported JSON data before sharing externally
• Use the plugin only with trusted Framer projects
• Report any suspicious behavior immediately

Thank you for helping keep Scheemer and its users safe!