We take security seriously and appreciate responsible disclosure from the security community.
If you discover a security vulnerability, please report it by emailing:
Please include:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (optional)
Once we receive your report:
- We will acknowledge your report within 7 days
- We will investigate and provide updates on our progress
- We will credit you in our release notes (if desired) once the issue is resolved
This is an unfunded, open-source project maintained by an individual developer. We are unable to offer monetary rewards for security reports at this time.
We deeply appreciate contributions from the security community and will provide public acknowledgment for valid findings if requested.
The following are in scope:
- Authentication/authorization vulnerabilities
- Data exposure or leakage
- Cross-site scripting (XSS)
- SQL injection
- Remote code execution
- Privilege escalation
The following are out of scope:
- Missing security headers (e.g., X-Frame-Options, HSTS)
- SPF/DKIM/DMARC email configuration
- Denial of service (DoS) attacks
- Social engineering attacks
- Issues in third-party dependencies (please report to the upstream project)
- Vulnerabilities requiring physical access to a user's device
We only support the latest released version of the application.
| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |
We thank the following individuals for responsibly disclosing security issues:
- (No reports yet)
Thank you for helping keep Better Keep secure!