The following versions of KeePassAutoReload are currently supported with security updates:
| Version | Supported |
|---|---|
| 1.2.x | ✅ |
| < 1.2.0 | ❌ |
Only the latest patch release in the 1.2.x line receives fixes. Users are strongly encouraged to update to the latest release.
If you discover a security vulnerability in KeePassAutoReload, please report it responsibly:
- Open a GitHub issue prefixed with
[SECURITY]describing the vulnerability in detail. - Include reproduction steps, affected versions, and the potential impact.
- Allow reasonable time for the maintainers to investigate and release a fix before disclosing publicly.
- Reports are acknowledged within a reasonable timeframe.
- Fixes are released as a new patch version and documented in
CHANGELOG.md. - Credit is given to reporters unless they prefer to remain anonymous.
- Release assets are accompanied by a
SHA256SUMS.txtfile so users can verify integrity after download. - Updates are fetched over HTTPS using TLS 1.2/1.3.
- The plugin verifies downloaded update assets against the published SHA256 checksums before installation.