If you believe you have found a security vulnerability in OpenIntercept, please do not open a public GitHub issue first.
Instead, report it privately through one of these paths:
- GitHub Security Advisories for this repository, if enabled;
- direct contact with the maintainer.
When reporting, include:
- affected version or commit;
- platform and OS version;
- reproduction steps;
- expected impact;
- logs, screenshots, or a minimal proof of concept when relevant.
You will receive an acknowledgement as soon as practical. After validation, the fix can be prepared privately and disclosed publicly once users have a safe path to update.
Security-relevant topics include, for example:
- unsafe certificate handling;
- truststore manipulation issues;
- unintended exposure of captured local traffic;
- privilege escalation through helper scripts or desktop packaging;
- unsafe file permissions or persistence behavior.
The project is a local-first desktop debugging tool. Please keep reports focused on realistic security impact in that context.
At this stage, security fixes are expected to land on the active main development line rather than through long-term support branches.