If you discover a security vulnerability in this project, please let me know privately rather than opening a public issue.
How to report:
Email me or DM me if we're connected elsewhere. Include as much detail as you can about the vulnerability. I'll respond as quickly as I can and work with you on a fix.
This tool handles OpenClass credentials and student data locally, so security matters. Things worth reporting include credential exposure or leakage, SQL injection vulnerabilities, unauthorized access to student data, or anything that could compromise user accounts or data.
Out of scope: issues that require physical access to someone's machine, social engineering attacks, or vulnerabilities in dependencies (report those upstream, but feel free to let me know so I can update).
Once a security issue is fixed, I'll credit you in the release notes (unless you prefer to remain anonymous), document the issue and fix in the changelog, and release a new version as soon as possible.
Thanks for helping keep this project secure for educators and students.