We take security seriously. If you discover a vulnerability, please report it responsibly.
Do NOT open a public issue.
- Email dev@vana.com with the subject line:
[SECURITY] personal-server-ts — <brief description> - Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
| Action | Timeframe |
|---|---|
| Acknowledgement | Within 48 hours |
| Initial assessment | Within 5 days |
| Fix or mitigation | Within 90 days |
| Public disclosure | After fix ships |
This policy covers the personal-server-ts repository including all workspace packages (core, server, cli).
We appreciate responsible disclosure and will credit reporters in the release notes (unless anonymity is requested).
| Version | Supported |
|---|---|
| latest | Yes |