Thank you for helping improve Agam Space's security! Your contribution makes the project safer for everyone in the community.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, report them privately via email to: security.agamspace@proton.me
To help us understand and address the issue effectively:
- Type of vulnerability
- Full paths of source file(s) related to the vulnerability
- Location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
The more detail you provide, the faster we can validate and fix the issue.
When we receive a security bug report:
- We'll confirm the problem and determine affected versions
- Audit code to find any similar problems
- Prepare fixes for all supported versions
- Release patched versions and publicly acknowledge your contribution (unless you prefer to remain anonymous)
We appreciate your patience as we work to address security issues responsibly.
- Always use the latest stable version
- Use strong, unique passwords for your master password
- Enable WebAuthn for additional security
- Keep your recovery key in a safe place
- Review trusted devices regularly
- Use HTTPS in production
- Follow the deployment security guide in documentation