Security reports are most helpful when they affect:
- pairing and trust establishment
- secure transport and reconnect authentication
- session isolation
- terminal content exposure
- permissions and host access boundaries
- local or private-overlay network exposure
Please do not open a public issue for a suspected security vulnerability before maintainers have had a chance to assess it.
Use one of these paths:
- GitHub security advisory reporting for this repository, if available.
- A private report to the repository owner.
Include:
- affected commit or version
- reproduction steps
- impact
- any proposed containment or fix
- reports will be triaged privately first
- public discussion should wait until impact and containment are understood
- fixes should avoid exposing sensitive exploit details before users can update