marchat is currently at v0.6.0-beta.4.
All security updates and fixes are applied to the main branch.
| Version | Supported |
|---|---|
| v0.6.x (main) | ✅ |
| Earlier versions | ❌ |
If you discover a security vulnerability in marchat, please do not open a public GitHub issue.
Instead, report it privately through one of the following:
- GitHub: Private Security Advisory
- Email: [email protected]
Important
Your report will only be visible to maintainers and select collaborators until a fix is released.
We aim to respond to reports within 2–3 business days.
If confirmed:
- We'll investigate and prepare a fix in a private branch or fork.
- We may coordinate with you on the disclosure timeline.
- We'll publish a GitHub Security Advisory and credit contributors (if applicable).
If the issue meets CVE criteria and you want one assigned, let us know in your report.
GitHub is a CVE Numbering Authority and can issue one after disclosure.
This policy applies only to the official marchat codebase:
https://github.com/Cod-e-Codes/marchat
It does not cover:
- Misconfigurations in self-hosted deployments
- Issues caused by modified forks or downstream packaging
- General UX/UI feedback or feature requests
For general bugs, please use:
For feature requests or questions, please use:
Thank you for helping keep marchat and its users safe!