Taskzen is currently under active development. Security fixes are applied to the latest version on the default branch.
Please do not disclose security vulnerabilities publicly in issues.
Report vulnerabilities privately, and include the following in your report:
- Description of the issue
- Reproduction steps or proof of concept
- Potential impact
- Suggested mitigation (if available)
If this repository has no dedicated security contact yet, open a private channel with the maintainers through your repository hosting provider's security reporting feature.
- Initial acknowledgment target: within 72 hours
- Triage and severity assessment: as soon as feasible
- Fix timeline depends on severity and complexity
Examples of in-scope concerns:
- Authentication bypass
- Authorization or role-escalation flaws
- Sensitive data exposure
- Injection vulnerabilities
- Dependency vulnerabilities with direct exploitability