We take the security of Dropwheel seriously. Thank you for helping keep the project and its users safe.
Dropwheel is under active development. Security fixes are applied to the latest
release and the main branch. Older versions may not receive fixes.
| Version | Supported |
|---|---|
| latest | ✅ |
| older | ❌ |
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, report them privately using GitHub's private vulnerability reporting:
- Go to the Security advisories page.
- Click Report a vulnerability.
- Provide as much detail as you can (see below).
If private reporting is unavailable, please open a minimal placeholder issue asking a maintainer to contact you, without disclosing any vulnerability details.
To help us triage quickly, please include:
- A description of the vulnerability and its potential impact.
- Steps to reproduce, or a proof of concept.
- The affected version, component, or file.
- Any suggested mitigation, if known.
- We aim to acknowledge your report within a few business days.
- We will investigate and keep you informed of progress.
- Once a fix is available, we will coordinate disclosure and credit you if you wish.
We ask that you give us a reasonable amount of time to address the issue before any public disclosure. Thank you for practicing responsible disclosure.