If you discover a security vulnerability, please report it responsibly. Do not open a public issue.
Email security@fediway.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
We will acknowledge your report within 48 hours and work with you on a fix before any public disclosure.
Fediway handles OAuth tokens and communicates with Mastodon instances on behalf of users. Security issues in authentication, token storage, data handling, and API communication are in scope.
Only the latest release is supported with security updates.