| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |
As an early-stage project, only the latest version receives updates.
If you discover a potential security issue, please report it responsibly:
- Do NOT open a public issue
- Do contact the maintainer privately via GitHub Discussions (private message) or email
- Include as much detail as possible to help reproduce and understand the issue
- Acknowledgment: Within 72 hours
- Initial assessment: Within 1 week
- Resolution timeline: Depends on complexity, communicated after assessment
This policy applies to:
- The CapyDeploy application code
- WebSocket connection handling
- mDNS discovery and pairing
- Steam shortcut management
- Embedded binaries
Out of scope:
- Third-party dependencies (Wails upstream) - report to their respective projects
- User-provided device configurations
- Remote device security
This application handles:
- Pairing tokens: Stored locally in config file with restricted permissions
- Remote connections: WebSocket to mDNS-discovered devices on the local network
- Steam shortcuts: Modification of Steam configuration on remote devices
- Only pair with devices you trust on your local network
- Keep your config file secure (default: user-only permissions)
- Keep the application updated
Contributors who responsibly report valid issues will be credited in release notes (unless they prefer anonymity).