| Version | Supported |
|---|---|
| latest | Yes |
If you discover a security vulnerability, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, email security@cavort.de with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
We will acknowledge your report within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues.
Security issues we care about:
- Encryption weaknesses (key derivation, AES-GCM usage)
- Authentication credential leakage
- Storage backend access control bypasses
- Dependency vulnerabilities with exploitable impact