We only provide security updates for the following versions:
| Version | Supported |
|---|---|
| 1.x | Supported |
If you discover a security vulnerability in Ludice, please do not open a public issue.
Instead, report it privately to the maintainers:
- Email: noentery@duck.com
- Telegram: @ludicegifter
We will respond within 48 hours and aim to resolve critical issues within 7 days.
When reporting, please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact if exploited
- Any suggested fix or patch
We regularly:
- Run static code analysis using Bandit
- Scan dependencies with Dependabot
- Review code changes manually before merging
All credentials and API tokens are stored securely using environment variables.
If you are fixing a vulnerability, please do not open a pull request directly.
Contact the maintainers first, and we'll coordinate a secure patch release.