Only the latest release of Shallows is supported with security updates.
| Version | Supported |
|---|---|
| latest | ✅ |
| < latest | ❌ |
Do NOT open public issues for security vulnerabilities.
If you discover a security vulnerability in Shallows, please report it responsibly:
- Preferred: Use GitHub Security Advisories to create a private report.
- Alternative: Email the maintainers directly with details of the vulnerability.
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours of receipt
- Assessment: Within 7 days
- Fix & Disclosure: Within 90 days (coordinated responsible disclosure)
We follow a 90-day responsible disclosure timeline. If a fix is not released within 90 days, the reporter may disclose the vulnerability publicly.
Shallows is intended for running browser-native Linux terminals for educational and development purposes. Users are responsible for ensuring they have proper authorization before using this tool against any systems.