Thank you for helping keep Zappy secure.
Your responsible disclosure is a huge part of what makes this project safe and trustworthy.
We only provide security updates for the latest release.
| Version | Security Support |
|---|---|
1.1.0 |
Supported |
< 1.1.0 |
Not supported |
Always upgrade to the latest version to stay protected.
Please do NOT report security issues publicly.
Public disclosure puts users at risk.
Send a private email to:
We’ll respond within 48 hours to confirm receipt.
Help us fix it fast — include:
- Clear description of the vulnerability
- Steps to reproduce (code, build, runtime)
- Potential impact (e.g., data leak, DoS, privilege escalation)
- Affected version(s) and module(s)
- Suggested fix (optional, but appreciated!)
- Acknowledgment – You’ll hear back within 48 hours
- Investigation – We verify and prioritize the issue
- Fix & Release – Patched in the next release
- Public Disclosure – Security advisory with your credit (unless you prefer anonymity)
Every report makes Zappy safer for everyone.
You’re a security hero.
This policy follows responsible disclosure best practices.
Copyright (C) 2025 mtctx