Security

SECURITY.md

Security Policy

If you find a security vulnerability, do not open a public Issue.

Contact: skull@ttl.zip
Disclosure window: 90 days by default (faster if actively exploited or high impact).
Scope: This repository and published release artifacts (including installer scripts/binaries).

Reporting guidelines

Please include:

Affected commit or release version
Impact and severity (e.g., RCE, privilege escalation, information disclosure)
Steps to reproduce (PoC), environment details
Any known mitigations or workarounds

We will acknowledge receipt within 3 business days, provide a tracking ID, and keep you updated on triage and remediation timelines.

Out of scope (examples)

Issues requiring privileged/local admin access without a clear privilege escalation path
Vulnerabilities in third‑party dependencies without a demonstrable exploit path in this project
Social engineering, physical attacks, or spam

Supported versions

We provide security fixes for the latest release. If you rely on older versions, please upgrade to the newest release.

Thank you for helping keep users safe.

There aren’t any published security advisories