Security Policy

Supported Versions

• Main branch is supported with security fixes.

Reporting a Vulnerability

• Please report security issues privately. Do not open a public issue.
• If the repository is hosted on GitHub, use GitHub Security Advisories to create a private report: navigate to Security → Advisories → Report a vulnerability.
• If Security Advisories are unavailable, contact the maintainer privately (email or other private channel if listed in the project profile).

Scope & Guidance

• Never include sensitive data (tokens, API keys, private IPs) in reports.
• Provide reproduction steps, affected versions/commits, and potential impact.

Best Practices for Users

• Use a strong shared token and restrict access via Tailscale ACLs.
• Keep your device updated and exclude the app from aggressive battery optimizations as needed.