Security fixes are applied to the latest released version of SpecDesk. Older versions are not maintained — upgrade to the latest release to receive fixes.
Do not open a public issue for security vulnerabilities.
Report privately through GitHub's private vulnerability reporting (repository Security → Advisories → Report a vulnerability). If that is unavailable, contact the maintainer listed on the ZelAnton profile.
Please include:
- a description of the vulnerability and its impact;
- steps to reproduce (a minimal proof of concept is ideal);
- affected version(s).
You can expect an initial acknowledgement within a few days. Once a fix is ready, a patched release is published and the advisory is disclosed.
This repository runs GitHub CodeQL
(security-and-quality suite) on every pull request, every push to main, and
weekly. Dependencies are audited against the NuGet advisory database on every
restore (NuGetAudit), and Dependabot keeps actions
and packages current.