If you discover a security vulnerability, please report it responsibly:
- Do not open a public GitHub issue
- Email security concerns to: neonwatty@gmail.com
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 days
- Fix timeline: Depends on severity, typically 30-90 days
This policy covers:
- The Cloudflare Worker (
src/) - The client widget (
src/widget/) - The hosted instance at
bugdrop.neonwatty.workers.dev
- Self-hosted instances (contact the instance owner)
- Third-party dependencies (report to the upstream project)