Currently, the following versions of Zedda are supported with security updates:
| Version | Supported |
|---|---|
| 0.4.x | ✅ |
| < 0.4.0 | ❌ |
We take the security of Zedda very seriously. If you discover a security vulnerability in this project, please do not publicly disclose it.
Instead, report it privately to us through GitHub's Security Advisories feature:
- Go to the Security Advisories page of this repository.
- Click on the "Report a vulnerability" button.
- Provide a clear description of the issue, steps to reproduce it, and any potential impact.
We will acknowledge receipt of your vulnerability report within 48 hours and strive to resolve it as quickly as possible.
Examples of vulnerabilities you should report securely:
- Buffer overflows or memory safety issues in the C++ core (`src/`).
- Path traversal or arbitrary file read vulnerabilities.
- Unsafe deserialization or command injection.
- Cross-Site Scripting (XSS) in HTML reports generated by `zedda.report.render_html`.
- Prompt injection in `zd.ask()` or other AI features.
Thank you for helping keep Zedda secure!