sendit follows a rolling release model — only the latest stable release receives security updates.
| Version | Supported |
|---|---|
| Latest stable | ✓ |
| All previous | ✗ |
Do not open a public GitHub issue for security vulnerabilities.
Use GitHub's private vulnerability reporting to submit a report confidentially. You will receive acknowledgement within 48 hours and a resolution target within 7 days.
Please include:
- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept
- Any suggested fix or mitigation (optional)
We follow coordinated disclosure. Once a fix is available, we will publish a GitHub Security Advisory and release a patched version simultaneously. We aim to resolve confirmed reports within 30 days of a confirmed report.