TunnelX/SECURITY.md

Security Policy

TunnelX changes routes, runs local proxy services, and uses packet interception. Treat security reports carefully.

Supported Versions

Only the latest public release is supported.

Reporting

Before the repository is public, report security issues privately to the maintainer. After publication, use GitHub Security Advisories if enabled. If advisories are not enabled, open a minimal issue that says a private security report is needed without posting exploit details.

Sensitive Data

Do not include real VPN credentials, private configs, access tokens, wallet private keys, or private server addresses in issues, screenshots, logs, or pull requests.

Security reports are welcome, but publication of this project does not create a guaranteed response time or an obligation to ship a fix.