This project is currently in active development. Security updates are applied to the latest version.

We take the security of Novel Writer seriously. If you believe you've found a security vulnerability, please follow these steps:

1. Do not disclose the vulnerability publicly until it has been addressed by the maintainers.
2. Submit detailed reports by opening a new issue with the title "SECURITY: [Brief Description]".
3. Include the following information in your report:
   • Type of vulnerability
   • Steps to reproduce the issue
   • Potential impact
   • Suggested fix (if any)

Novel Writer has the following security aspects to be aware of:

The application allows loading Python extensions. Only install extensions from trusted sources, as they can execute code on your system.

• Book data is stored as JSON files in the books directory
• No sensitive user data is stored by default
• The application does not transmit data over the network except for PDF generation requests

We regularly update dependencies to address known vulnerabilities. The application uses:

• Flask for the web framework
• ReportLab for PDF generation
• BeautifulSoup for HTML parsing

When using Novel Writer:

1. Keep the application and dependencies updated
2. Review extension code before installing
3. Do not expose the application to the public internet without proper security measures (authentication, HTTPS, etc.)
4. Backup your book data regularly

Security updates will be published as new releases and documented in the release notes. We aim to address critical security issues as quickly as possible.