| Version | Supported |
|---|---|
| Latest (main) | Yes |
| Older releases | No — please update to the latest release |

Do not open a public GitHub issue for security vulnerabilities.

Use GitHub's private vulnerability reporting:

- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Fill in the details and submit

Alternatively, email heytheresaik@gmail.com with [SECURITY] in the subject line. Use this only if the GitHub reporting flow is unavailable.

Include the following in your report:

- Description of the vulnerability
- Steps to reproduce
- Potential impact (what an attacker could do)
- Any suggested remediation, if you have one

| Stage | Target |
|---|---|
| Acknowledgement | Within 7 days |
| Status update | Within 14 days |
| Fix or mitigation | Dependent on severity |

We will coordinate disclosure with you before publishing any fix publicly. We appreciate responsible disclosure and will credit reporters in release notes unless you prefer to remain anonymous.

In scope: the CtrlValue application code in this repository (backend, frontend, database scripts).

Out of scope: third-party dependencies (report those directly to their maintainers), your own self-hosted deployment infrastructure.