| Version | Supported |
|---|---|
| latest | ✅ |
| < latest | ❌ |
If you discover a security vulnerability in ShellFromBrowser, please report it responsibly:
- Do NOT open a public issue for security vulnerabilities
- Use GitHub Security Advisories to report privately
- Or email the maintainer directly
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: within 72 hours
- Initial assessment: within 1 week
- Fix or mitigation: depends on severity, typically within 30 days
The following are in scope:
- Authentication bypass
- Remote code execution
- Path traversal
- WebSocket security issues
- JWT token vulnerabilities
- Cross-site scripting (XSS)
Thank you for helping keep ShellFromBrowser secure.