We actively maintain the latest main branch and release tags. Security fixes are backported on a best-effort basis. If you discover a vulnerability in an older release, please disclose it privately so we can coordinate a patch release.

Please email the project maintainer Mahatma Mahardhika at mahatma.mahardhika@programinglive.com with the following information:

• Description of the vulnerability and potential impact
• Steps to reproduce or proof of concept
• Affected versions or commit hashes
• Any suggested remediation or mitigation strategies

You will receive confirmation within 48 hours. We aim to provide an initial response and remediation plan within 5 business days. Please do not publicly disclose the issue until we have released a fix.

Please report vulnerabilities in English or Indonesian.

Once a fix is available, we will coordinate a disclosure timeline with you and credit the reporter in the release notes unless anonymity is requested.

Thank you for helping keep Zettly and its community secure! 🙏