Only the latest release of @binalyze/notar is supported with security updates.

| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |

Please report security vulnerabilities through GitHub Security Advisories.
Do not open a public issue for security vulnerabilities.
- Acknowledgment: Within 48 hours of your report.
- Resolution: We aim to release a fix within 90 days of a confirmed vulnerability.
- Disclosure: We will coordinate disclosure timing with you.

The following are in scope for security reports:
- Cryptographic weaknesses (signature forgery, key leakage)
- Key handling issues (improper storage, exposure)
- SSRF or injection vulnerabilities in the web worker
- Worker abuse or bypass of verification logic
- Social engineering attacks
- Denial of service against the public instance
- Issues in dependencies (report these upstream)