Security: set/code-backup

SECURITY.md

Security Policy

Supported Versions

We provide security updates for the following versions:

Version Supported
1.x.x

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security vulnerability in VSCode Config Export, please report it responsibly.

How to Report

  1. DO NOT create a public GitHub issue for security vulnerabilities
  2. Email us directly at: [security@vscode-config-export.dev] (placeholder)
  3. Include the following information:
    • Description of the vulnerability
    • Steps to reproduce the issue
    • Potential impact
    • Suggested fix (if you have one)

What to Expect

  • Acknowledgment: We'll acknowledge receipt within 48 hours
  • Initial Assessment: We'll provide an initial assessment within 5 business days
  • Updates: We'll keep you informed of our progress
  • Resolution: We'll work to resolve the issue as quickly as possible
  • Credit: We'll acknowledge your contribution (unless you prefer to remain anonymous)

Security Best Practices for Users

  1. Review Scripts: Always review scripts before running them
  2. Backup Data: Create backups before running installation scripts
  3. Check Sources: Only download from official sources
  4. Verify Checksums: Verify file integrity when possible
  5. Update Regularly: Keep your tools and scripts updated

Common Security Considerations

  • File Permissions: Our scripts handle file permissions appropriately
  • Path Traversal: We validate paths to prevent directory traversal attacks
  • Input Validation: User inputs are validated and sanitized
  • Temporary Files: Temporary files are created securely
  • Credential Exposure: We don't handle or store sensitive credentials

Out of Scope

The following are generally considered out of scope:

  • Issues in VSCode itself
  • Issues in third-party extensions
  • Social engineering attacks
  • Physical access to machines
  • Issues requiring unusual user interaction

Thank you for helping keep VSCode Config Export secure!

There aren’t any published security advisories