| Version | Supported |
|---|---|
| Latest | ✅ |
| < 1.0 | ❌ |

We take security seriously. If you discover a security vulnerability in Kaya, please report it responsibly.

- DO NOT open a public GitHub issue for security vulnerabilities
- Email security concerns to: hadrien.mary@gmail.com
- Or use GitHub's private vulnerability reporting

Please include the following in your report:

- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (optional)

Response timeline:

- Acknowledgment: Within 48 hours
- Initial Assessment: Within 1 week
- Resolution Timeline: Depends on severity
  - Critical: ASAP (within days)
  - High: Within 2 weeks
  - Medium/Low: Within 1 month

The following are in scope:

- Kaya desktop application (Tauri)
- Kaya web application
- All packages in this repository
- CI/CD pipelines that could affect releases

The following are out of scope:

- Third-party dependencies (report to respective maintainers)
- Social engineering attacks
- Physical attacks

When contributing to Kaya:

- Never commit secrets, API keys, or credentials
- Keep dependencies updated (we use Dependabot)
- Follow the principle of least privilege for permissions
- Validate and sanitize all user inputs

Thank you for helping keep Kaya and its users safe! 🛡️