The following versions of CommDesk are currently supported with security updates:

| Version | Supported |
|---|---|
| 0.1.x | Yes |
| < 0.1 | No |
We recommend always using the latest release for security fixes and improvements.
If you discover a security vulnerability, please report it responsibly.
- Email: security@nexgenstudio.dev
- Or open a private security advisory via GitHub:
- Go to the repository
- Click Security → Advisories → Report a vulnerability
Please do not:
- Open public issues for security vulnerabilities
- Share exploits publicly before disclosure
To help us respond quickly, include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Screenshots or proof-of-concept (if applicable)
- Suggested fix (optional but appreciated)

| Stage | Timeline |
|---|---|
| Acknowledgement | Within 48 hours |
| Initial assessment | Within 3-5 days |
| Fix & patch release | Depends on severity |
We aim to resolve critical issues as quickly as possible.
CommDesk follows these security practices:
- Role-based access control (RBAC)
- Strict frontend-backend boundary enforcement
- Input validation and sanitization
- Dependency auditing (via `pnpm audit`)
- Signed desktop updates using the Tauri updater
- Secure key handling (`~/.tauri/commdesk.key`)
Release signing requirements:
- All production releases should be signed
- Auto-updates must use verified signatures
- Do not distribute unsigned binaries in production
We appreciate responsible disclosure and will:
- Credit researchers (if desired)
- Work collaboratively on fixes
- Keep communication transparent
This project is under active development. While we strive for strong security practices, users should:
- Avoid using in high-risk production environments without audit
- Regularly update to latest versions
We thank the open-source community and contributors for helping improve the security of CommDesk.