We provide security updates and fixes for the following project versions. Older versions are not maintained anymore, please upgrade to a supported release.

To report a security vulnerability, DO NOT create a public GitHub issue. Public disclosure may put users at risk.

1. Send a detailed report via private message / email to the project maintainer.
2. Include the following information in your report:
   • Affected component and version
   • Detailed reproduction steps
   • Vulnerability description and potential impact
   • Proof-of-concept code (if applicable)
   • Your contact information for follow-up

• We will acknowledge your report as soon as possible.
• We will analyze, verify and prioritize the vulnerability.
• Once a fix is ready, we will release a new version and disclose the vulnerability properly.
• You will be credited for your responsible disclosure in release notes (if you wish).

• Always use the latest stable version of this project.
• Keep your Python environment and dependencies up to date.
• Do not load untrusted external QML files or scripts.
• Restrict file access permissions for application runtime directories.

This security policy applies to all source code, official examples and built artifacts of Oh-My-GUI. Third-party dependencies are covered by their respective security policies.

For security-related matters only: popxhxh@outlook.com