Labworks and the todo-app community take security seriously, and appreciate all efforts that disclose concerns responsibly.

If you believe you've found a security bug in our project, please contact us at security@labworks.dev and include the words "todo-app vulnerability" in the subject line. If you believe you've found a security bug in a third-party project used by todo-app, please report it to those those maintainers.

Your email will be acknowledged within one business day, and you'll receive a more detailed response to your email as soon as possible indicating the next steps in handling your report. After the initial reply to your report, we will endeavor to keep you informed of the progress being made towards a fix and announcement.