We take the security of CtxPort seriously. If you discover a security vulnerability, please report it responsibly.
- Email: Send a detailed report to 2214962083@qq.com
- GitHub Issues: Open an issue at github.com/nicepkg/ctxport/issues with the "security" label
- A clear description of the vulnerability
- Steps to reproduce the issue
- The potential impact
- Any suggested fixes (optional but appreciated)
- Within 48 hours: We will acknowledge receipt of your report
- Within 7 days: We will provide an initial assessment
- Within 30 days: We aim to release a fix for confirmed vulnerabilities
- Please do not publicly disclose unpatched vulnerabilities
- Give us reasonable time to investigate and address the issue before any public disclosure
- We will credit security researchers in the release notes (unless you prefer to remain anonymous)
CtxPort is designed with privacy and security as core principles:
- Zero data transmission: All processing happens locally in the browser
- No server component: There is no backend server that could be compromised
- Minimal permissions: Only the minimum required browser permissions are requested
- Open source: The entire codebase is available for public audit under the MIT license
We appreciate the efforts of security researchers and the broader community in helping keep CtxPort safe for everyone.