Security

.github/SECURITY.md

Security Policy

Reporting a Vulnerability

DO NOT open a public GitHub issue for security vulnerabilities.

Report via:

Email: security@zk.im
Encrypted: Use our PGP key
GitHub: Use the "Report a vulnerability" button on the Security tab

See security.txt for full details.

Include:

Description of vulnerability
Steps to reproduce
Potential impact
Suggested fix (if any)

Timeline:

Initial response: 48 hours
Assessment: 7 days
Fix: Depends on severity

FIPS Disclaimer

⚠️ This package uses NIST-standardized algorithms (FIPS 203/204) but is NOT FIPS 140-3 validated.

For complete security guidance, see the Security Guide.

Supported Versions

Version	Supported
Latest	✅
Previous major	6 months

There aren’t any published security advisories