We currently support the following versions of the GitRepoTools extension:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
We take the security of our extension seriously. If you believe you've found a security vulnerability, please follow these steps:
- Do not disclose the vulnerability publicly until it has been addressed
- Email your findings to rohit.wadhwa52@gmail.com
- Include as much information as possible about the vulnerability:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes
The GitRepoTools extension implements the following security measures:
- No collection or storage of personal data
- All settings are stored locally in the browser
- No external API calls except to the configured services
- Regular security reviews of the codebase
- Secure communication with GitHub and other services
- The extension only works with public GitHub repositories and public Gitingest digests
- No authentication tokens or sensitive data are stored
- All external links are opened in new tabs
- The extension follows Chrome's security best practices
We aim to:
- Acknowledge receipt of your vulnerability report within 48 hours
- Provide a more detailed response within 7 days
- Keep you informed about our progress in addressing the vulnerability
We appreciate the efforts of security researchers who help us keep our extension secure. If you report a valid vulnerability, we will:
- Acknowledge your contribution (if you wish)
- Work with you to understand and address the issue
- Keep you informed about the fix and release
For security-related issues, please contact:
- Email: rohit.wadhwa52@gmail.com
- GitHub: Open a private security advisory in the repository