This repository contains the OSS desktop workspace and runtime stack.
We treat these classes of issues as security-sensitive:
- credential, token, or secret exposure
- remote code execution
- sandbox escape or privilege escalation
- auth bypass
- unsafe default configuration that exposes a local runtime or user data
Do not file public GitHub issues for security vulnerabilities.
Report vulnerabilities privately to:
admin@holaboss.ai
Include:
- affected commit or release
- reproduction steps
- impact assessment
- proposed mitigations, if you have any
We will acknowledge receipt and triage privately.
Please give us reasonable time to validate and fix issues before public disclosure.