If you discover a security vulnerability in Omnipub, please do not open a public GitHub issue.
Instead, please report it privately via one of the following:
- GitHub Security Advisories: Open a draft advisory (preferred)
- Email: duwasai@gmail.com
When reporting, please include:
- A description of the vulnerability and its potential impact
- Steps to reproduce (proof-of-concept code if possible)
- Affected version(s) — Omnipub release tag, commit SHA, or branch
- Any suggested remediation
We will acknowledge receipt within 7 days and aim to provide a fix or mitigation within 30 days for critical issues.
Only the latest released version receives security updates.
| Version | Supported |
|---|---|
| Latest release (main) | ✅ |
| Older versions | ❌ |
We follow coordinated disclosure: once a fix is available, we will publish a security advisory crediting the reporter (unless they prefer to remain anonymous).