The following versions are currently receiving security updates:
| Version | Supported |
|---|---|
| Latest | ✅ |
Older versions are not guaranteed to receive security patches. We recommend always running the latest release.
Please do not report security vulnerabilities through public GitHub issues.
To report a vulnerability, email us at hello@gooi.ai. If you prefer encrypted communication, please request our PGP key in your initial message.
Include as much of the following as possible:
- A description of the vulnerability and its potential impact
- The affected version(s)
- Steps to reproduce or a proof-of-concept
- Any suggested mitigations, if known
- Acknowledgement within 48 hours of your report
- Status update within 7 days, including whether we've confirmed the issue
- Resolution timeline communicated once the issue is triaged — we aim to patch critical vulnerabilities within 30 days
We will notify you when the vulnerability is resolved. If you'd like, we're happy to credit you in the release notes.
We follow coordinated disclosure. Please give us a reasonable amount of time to address the issue before any public disclosure. We'll work with you to agree on a disclosure date if needed.
The following are out of scope:
- Vulnerabilities in third-party dependencies (please report those upstream)
- Issues requiring physical access to a user's device
- Social engineering attacks