If you discover a security vulnerability in Ensemble, please report it responsibly.
Email: Open a private security advisory via GitHub Security Advisories.
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix release: Depending on severity, typically within 2 weeks for critical issues
Ensemble is a local-only macOS desktop application. The following are in scope:
- Local file system access beyond intended scope
- Configuration injection or tampering
- Symlink-related vulnerabilities
- Data exposure through the application's storage
| Version | Supported |
|---|---|
| 1.0.x | Yes |