If you believe you've found a security issue in Chiri, please do not open a public GitHub issue.

Instead, report it through one of the following channels:

• GitHub private vulnerability reporting (preferred): use the Report a vulnerability form on the repository's Security tab.
• Email: contact@sapphic.moe

Please include:

• a description of the issue and the impact you believe it has,
• the steps required to reproduce it,
• the version of Chiri and the operating system you're using,
• any relevant logs, screenshots, or proof-of-concept material.

You can expect an initial reply within a few days. As Chiri is currently maintained by a single person, response times depend on availability — please be patient.

Only the latest released version of Chiri receives security fixes. Users are encouraged to keep the application up to date.

Once a fix is available, the vulnerability will be disclosed through a GitHub security advisory on the repository, and credit will be given to the reporter unless they request otherwise.