Transparency β’ Integrity β’ Speed
We actively maintain and provide security updates for the following versions. Please ensure you are running a supported version to stay protected.
| Version | Status | Security Updates | End of Life |
|---|---|---|---|
| v1.0.x |  |
Full Support | TBD |
| v0.9.x |  |
Critical Only | Mar 2026 |
| < v0.9 |  |
None | Dec 2025 |
We value the contributions of the security research community and welcome responsible disclosure.
Please do not discuss the vulnerability in public issues, forums, social media, or other channels until we have acknowledged the issue and released a fix.
Please send a detailed report to our security team.
Please include in your report:
- Type of vulnerability (e.g., XSS, CSRF, Injection).
- Step-by-step instructions to reproduce the issue.
- New or context-specific proof-of-concept (PoC) code or screenshots.
- Impact of the vulnerability.
InkMD is designed with a "Defense in Depth" strategy, prioritizing client-side data isolation.
|
InkMD operates as a Local-First application.
|
We implement strict security headers on our host:
|
We support safe and legal security research. We pledge not to pursue legal action against researchers who:
- Example: Engage in testing within the scope of this policy.
- Example: Avoid compromising user privacy or disrupting service.
- Example: Adhere to the disclosure laws of their jurisdiction.
- DDoS or Denial of Service attacks.
- Social Engineering (Phishing) of staff.
- Physical attacks against data centers or offices.
We would like to thank the following individuals for responsibly disclosing vulnerabilities and helping make InkMD safer for everyone.
| Year | Researcher | Vulnerability Type | Status |
|---|---|---|---|
| 2026 | Your Name Here | - | - |
Β© 2026 Crystal Studio Development
Made with β€οΈ by Shuvranshu Sahoo
Terms of Service β’ Privacy Policy β’ Security