Thank you for helping to improve the security of this project.
If you discover a potential security vulnerability in Brassica, please do not report it publicly (for example, as a GitHub issue or comment).
Instead, please contact us privately at:
Email: mail@crispilly.de
Please include:
- a brief description of the vulnerability
- steps to reproduce the issue (if possible)
- potential impact
- a way to contact you for follow-up questions
I aim to respond within 48 hours and to work on a fix as quickly as possible.
Please disclose details about security vulnerabilities only after:
- the issue has been analyzed
- a fix has been provided
- users have had sufficient time to update
This helps protect all users of the web app.
This policy applies to:
- the Brassica web app
- all PHP, JavaScript, ZIP, import, and export functionality
- the SQLite database
- API endpoints
- the entire project codebase in this repository