Only the latest stable version is supported with security updates. Critical updates are released as needed, with non-critical patches included in the next regular release.
To report a vulnerability, there are two options:
- (Private) use the Security tab on this Github repo, and select "Report a vulnerability". Use this if you believe the issue puts current users at risk
- File a Github issue for less severa or more general security concerns.
For general information on Chronicles security practices (e.g., feature requests, opinions on improving security), please see the electron guidelines on security practices, which this repository intends to follow where appropriate: https://www.electronjs.org/docs/latest/tutorial/security
This application is unfunded and currently does not offer a bounty for discovering vulnerabilities. However, I greatly appreciate your contributions and can credit your work in related changelog and release announcements. Thank you for helping to improve the app's security.