| Version | Supported |
|---|---|
| 1.0.x | Yes |
Please do not open a public issue for security problems.
If you find a security issue in Cipher:
- Open a private report via GitHub Security Advisories
- Or email the maintainer through GitHub if that is not available
Include:
- What the issue is
- Steps to reproduce
- Possible impact
We will review reports as soon as we can and reply when we have an update.
Examples:
- API keys exposed in logs, UI, or commits
- Sandbox escape in the Electron app
- Unsafe handling of user data or credentials
- Remote code execution through crafted input
General bugs and feature ideas belong in Issues.
Cipher stores API keys locally with Windows DPAPI. Never commit keys, .env files, or screenshots that contain keys.