SensitiveFlow is currently in preview. Security fixes are provided for the latest published preview version.

| Version | Supported |
|---|---|
| latest preview | Yes |
| older previews | No |

If you discover a security vulnerability in SensitiveFlow, please do not open a public issue.
Instead, report it privately by email:

Please include:
- affected package
- affected version
- reproduction steps
- expected behavior
- actual behavior
- potential impact
- suggested fix, if available

I will try to acknowledge valid reports as soon as possible and coordinate a fix before public disclosure.

Security-sensitive areas include:
- log redaction failures
- accidental exposure of raw sensitive values
- audit trail integrity issues
- pseudonymization/token store weaknesses
- unsafe defaults
- analyzer/code fix behavior that may introduce leaks

SensitiveFlow helps reduce accidental exposure of sensitive data, but it is a tool and does not by itself guarantee complete data protection. You are responsible for how you use these primitives in your application and for ensuring the configuration meets your requirements.