The software has been pentested against most common attack vectors, but it is only as sturdy as the environment you run it in. Like with all software, vulnerabilites are possible, and reports are welcome, however I can't guarantee fast updates all the time, most patches will be under a week, but some may take up to a month.
Dependabot tracks the vulnerabilities of dependencies.
| Version | Supported |
|---|---|
| 0.0.x | ✅ |
Vulnerabilities can be reported using the github security reporting tools.
Reports are expected to have a working exploit ready to go on any environment, using devcontainers for example.
If your exploit fails to reproduce, it won't be considered until you patch it: I can't fix a bug I can't find.