We take security very seriously and have automated dependency alerts and code scanning to make sure the project is secure. If you still somehow find a vulnerability, here's how you can report it.

During the beta phase, we will only patch security vulnerabilities in the latest beta release.

• Do not create issues to report security vulnerabilities.
• Instead, please e-mail the security maintainer at chronobserver@disroot.org.
• You may encrypt the e-mail if you want (PGP key: 0x8A2DEA1DBAEBCA9E).
• Avoid including any confidential information in the e-mail.
• Provide your GitHub username (if available), so that we can invite you to collaborate on a security advisory.
• Alternatively, you can report the vulnerability here.