Security fixes are only made against the latest code on the default branch.
Do not report security vulnerabilities in public GitHub issues.
Use GitHub's private vulnerability reporting for this repository when it is available. If private reporting is unavailable, contact the maintainer privately through GitHub.
Include:
- a clear description of the issue
- steps to reproduce it
- impact assessment
- any suggested remediation
Reports are especially helpful when they cover:
- auth token storage or swapping
- profile isolation boundaries
- debug log redaction
- shell command execution or relaunch behavior