| Version | Supported |
|---|---|
| 16.x | ✅ |
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
Please use GitHub Security Advisories to report vulnerabilities privately.
Do NOT:
- Open a public GitHub issue for security vulnerabilities
- Disclose the vulnerability publicly before it has been addressed
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: We will acknowledge receipt within 48 hours
- Assessment: We will assess the vulnerability and determine severity
- Fix: We will work on a fix for confirmed vulnerabilities
- Disclosure: Once fixed, we will coordinate disclosure with you
This security policy applies to:
- The KashCal Android application
- The official repository at github.com/KashCal/KashCal
Out of scope:
- Third-party services (iCloud, CalDAV servers)
- Issues in dependencies (report to the respective projects)
- Keep KashCal updated to the latest version
- Use a strong, unique app-specific password for iCloud sync
- Do not share your iCloud credentials
- Review calendar permissions granted to the app