Security: binarygeek/sabha

SECURITY.md

Security Policy

Reporting a vulnerability

Please report security vulnerabilities privately — do not open a public issue, pull request, or discussion.

Email ashwin[at]sabha.co with:

  • A description of the vulnerability and its impact
  • Steps to reproduce (proof-of-concept if you have one)
  • Any relevant logs, versions, or configuration

You can expect an acknowledgement within a few days. If you haven't heard back, please follow up — it likely means the first email didn't reach us. We're happy to credit you once the issue is resolved (let us know if you'd prefer to stay anonymous).

Please give us a reasonable window to ship a fix before any public disclosure.

What to expect

Once we receive your report, we'll:

  1. Confirm the issue and determine which versions are affected.
  2. Audit the codebase for similar or related problems.
  3. Prepare a fix and ship it.
  4. Keep you updated as we work through it.

Supported versions

Sabha ships from main. Security fixes land there; please run the latest version before reporting.

There aren't any published security advisories