Please do not open public issues for security vulnerabilities.
Instead, report vulnerabilities via email to security@lazybytez.de.
Include as much of the following as possible:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgement: within 48 hours
- Initial assessment: within 5 days
- Fix or mitigation: depends on severity
Only the latest release is supported with security updates.
Third-party dependencies are monitored but not directly maintained by us. If you find a vulnerability in a dependency, please report it upstream and notify us as well.