Preferred: Use GitHub Security Advisories to report privately.
Alternative: Open a GitHub issue for non-sensitive findings.
Please do not open public issues for security vulnerabilities.
- We ask for a 90-day window before public disclosure
- We will acknowledge receipt within 5 business days
- We will provide a fix timeline within 14 days of confirmation
In scope:
- App source code (TypeScript, React Native)
- Native modules (
modules/dns-native/) - Dependency vulnerabilities
- Data handling and storage (AsyncStorage, SecureStore)
Out of scope:
- DNS server infrastructure (
llm.pieter.com,ch.at) — these are third-party services - Issues requiring physical device access
- Denial of service against external DNS servers
Only the latest release is actively maintained.
| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |