Security fixes are provided for the latest stable release of CotEditor. Older versions may not receive security updates.

| Version | Supported |
|---|---|
| Latest stable release | ✅ |
| Older versions | ❌ |

If you believe you have found a security vulnerability in CotEditor, please report it privately through GitHub's private vulnerability reporting feature. Please do not open a public issue for suspected security vulnerabilities.

For CotEditor, relevant reports may include issues such as:
- unintended file access or information disclosure
- unexpected command execution
- sandbox, permission, signing, or update-related security issues
- vulnerabilities triggered by opening or processing crafted files

When possible, please include:
- the affected CotEditor version and macOS version
- whether the issue affects the App Store build, the non-App Store build, or both
- a description of the security impact
- steps to reproduce
- a proof-of-concept file, sample input, screenshots, or a crash log if relevant
- any required permissions, settings, scripts, or external tools

We will make a best effort to acknowledge reports within 14 days, although response times may vary depending on availability. After triage, we may ask for additional details, work with you privately on a fix, and publish a security advisory once a fix is available.

Please use public issues for general bugs, crashes without a clear security impact, feature requests, and usability issues.