Do not report security vulnerabilities through public issues. TenonAdmin ships as NuGet packages and carries authentication, RBAC, and multi-org data permissions — a public report is a 0-day disclosure against every downstream consumer, before a patch exists.
Use private vulnerability reporting. We aim to respond within 7 days, and will coordinate the fix and disclosure timeline with you.
No release has been published yet; only main is currently supported. This section will list supported version ranges once releases begin.