I paid other humans with security expertise to "soft audit" the program prior to release, which uncovered a variety of vulnerabilities which were patched.
replyIt's a courtesy to the users, especially self-hosters.
The report is kind of concerning to read, particularly having XSS in this kind of app. The report was not meant to be exhaustive and fixing those vulns isn't some kind of implicit tick of approval.
replyIt's from October 2025, lots of issues have been fixed since then. At least you're more informed and can decide whether you'd like to use it accordingly. Compare that to most projects which are complete unknowns.
reply