To report a vulnerability, please contact Dustin via signal, djmitche.78.
Initial response is expected within ~48h.
We kindly ask to follow the responsible disclosure model and refrain from sharing information until:
- Vulnerabilities are patched in TaskChampion + 60 days to coordinate with distributions.
- 90 days since the vulnerability is disclosed to us.
We recognise the legitimacy of public interest and accept that security researchers can publish information after 90-days deadline unilaterally.
We will assist with obtaining CVE and acknowledge the vulnerabilites reported.