PTS is currently under active development on the main branch. Security fixes are applied to main and deployed directly — there are no separate maintained release branches at this time.
| Version | Supported |
|---|---|
| main | ✅ Yes |
If you discover a security vulnerability in PTS — for example, an authentication bypass, an IMEI/ownership data leak, or an injection vulnerability — please report it privately rather than opening a public issue.
To report a vulnerability:
- Email usamaado36@gmail.com with a description of the issue.
- Include, where possible:
- Steps to reproduce
- The affected endpoint, component, or file
- Potential impact (e.g. data exposure, privilege escalation)
- Any suggested fix, if you have one
You can expect an initial response within 5 business days. We'll keep you updated as the issue is investigated and resolved, and we're happy to credit reporters in release notes unless you'd prefer to remain anonymous.
This policy covers the PTS backend API, frontend application, and the official mobile clients in this repository. Third-party services we integrate with (Cloudinary, Paystack, Mono, WhatsApp Business API, etc.) should be reported directly to those providers.
- We will not take legal action against researchers who report vulnerabilities in good faith and in accordance with this policy.
- Please give us reasonable time to address an issue before any public disclosure.
Thank you for helping keep PTS and its users safe.