If you discover a security vulnerability within Camouflage, please send an email to [email protected]. All security vulnerabilities will be promptly addressed.
Please do not report security vulnerabilities through public GitHub issues.
Please include the following information in your report:
- Type of issue (e.g., information disclosure, code execution)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
This information will help us triage your report more quickly.
After you have submitted your report, you can expect the following:
- A confirmation email acknowledging your report within 24 hours
- An assessment and validation of the reported vulnerability
- A timeline for addressing the vulnerability
- A notification when the vulnerability has been fixed
When we receive a security bug report, we will:
- Confirm the problem and determine the affected versions
- Audit code to find any potential similar problems
- Prepare fixes for all affected versions
- Release new versions as soon as possible
- Publicly disclose the vulnerability after it has been resolved
We follow a coordinated vulnerability disclosure approach:
- Security issues will be disclosed after a fix has been released
- CVE IDs will be requested for significant vulnerabilities
- Credit will be given to the reporter (unless anonymity is requested)
When using Camouflage, consider the following security best practices:
- Always update to the latest version to benefit from security fixes
- Be aware that Camouflage only provides visual protection; the actual file content remains unchanged
- Exercise caution when sharing your screen or taking screenshots, even with Camouflage enabled
- Consider using additional security measures for highly sensitive information
If you have suggestions on how this process could be improved, please submit a pull request or contact us directly.