Only the latest release receives security updates.

Please do not report security vulnerabilities through public GitHub issues.

Instead, use GitHub's private vulnerability reporting to submit a report.

Please include:

• A description of the vulnerability
• Steps to reproduce the issue
• Any potential impact
• Suggested fix (if you have one)

• Acknowledgment — within 48 hours of your report
• Assessment — within 1 week, we'll confirm whether it's a valid vulnerability and share our plan
• Fix — we aim to release a patch as quickly as possible, depending on severity and complexity

This project is a client-side weather extension. It does not collect or store user credentials. However, we take all security reports seriously, including:

• Data exfiltration risks
• Code injection vulnerabilities
• Dependency vulnerabilities
• Privacy concerns beyond what's covered in our Privacy Policy

Thank you for helping keep this project safe.