OffOn.dev projects are developed on a rolling basis. Only the latest commit on
the main branch of each repository is supported and patched.
Please do not open a public issue for security problems.
Report privately by either:
- GitHub private vulnerability reporting — "Report a vulnerability" under the Security tab of the affected repository, or
- Email offondev@gmail.com with details and, if possible, reproduction steps.
We aim to acknowledge reports within 5 business days and to share a remediation timeline after triage. Please allow a reasonable window before any public disclosure.
There is no paid bug-bounty program, but we credit reporters in the release notes unless you prefer to remain anonymous.