This repo does not have a security response program.
That is the whole point of disabling pull requests here: I do not want the interface to imply a review, merge, maintenance, or security promise that I cannot honestly keep.
This is serious software for me. I have used some version of Appify UI all day every day for about 15 years. It is also a proof-of-concept toy in the public contract sense: useful, inspectable, weird, and offered without a support desk or coordinated disclosure machine behind it.
Please do not treat this repository as a place to get:
- private vulnerability handling
- coordinated disclosure
- a response SLA
- audit coverage
- maintainer review of untrusted changes
- a promise that reported security issues will be fixed
If you need software with a real security program, this is the wrong dependency.
If you find something interesting and want to talk about it publicly, Issues are open. If you need confidentiality, do not depend on this repo as your response path.