The main branch is currently the supported version.
Please do not open public issues for security reports.
Report privately via email:
- Contact: thanhnguyentuan2007@gmail.com
- Subject:
[Lumeo][Security] <short summary>
Include:
- Vulnerability type and impact
- Steps to reproduce
- Proof of concept (if safe)
- Suggested mitigation
- Never commit API keys, PATs, or session tokens
- Validate all postMessage payloads and origins
- Keep host permissions minimal in
manifest.json - Revoke compromised credentials immediately