Only the latest release of Petal receives security updates.
| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |
If you discover a security vulnerability in Petal, please do not open a public GitHub issue.
Instead, report it privately using one of the following methods:
- GitHub Private Vulnerability Reporting: Use the Report a vulnerability button on the Security tab of this repository.
- Email: Send details to the maintainer directly via the contact information listed on their GitHub profile.
Please include as much detail as possible:
- A description of the vulnerability and its potential impact
- Steps to reproduce the issue
- Any relevant logs or screenshots
You can expect an acknowledgement within 72 hours and a resolution or status update within 14 days.
Petal is a local-first macOS application. It does not transmit audio data or transcriptions to any remote server unless you explicitly configure a provider that requires network access. Security reports related to data privacy, unauthorized data exfiltration, or local privilege escalation are taken seriously and are in scope.