We actively support security updates for the following versions:
| Version | Supported |
|---|---|
| 1.0.x | β |
| < 1.0 | β |
If you discover a security vulnerability, please do not open a public issue. Instead, please report it privately.
- Email: Send details to [[email protected]] (replace with actual email)
- GitHub Security Advisory: Use GitHub's private vulnerability reporting feature if available
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- We will acknowledge receipt within 48 hours
- We will provide an initial assessment within 7 days
- We will keep you informed of our progress
- We will coordinate disclosure with you
- We will credit you for the discovery (if desired)
- We will not disclose your identity without permission
When using this application:
- Keep your browser updated
- Use HTTPS when accessing the application
- Be cautious with custom text input
- Review localStorage usage if concerned about privacy
- The application uses localStorage for user preferences (no sensitive data)
- No user authentication or data collection
- All processing happens client-side
- No external API calls or data transmission
Security updates will be:
- Released as patch versions (e.g., 1.0.1, 1.0.2)
- Documented in CHANGELOG.md
- Tagged with security labels in releases
Thank you for helping keep Blind Typing Tutor secure!