ENC is currently in early development. Security updates are provided only for the latest released version.

Users are strongly encouraged to upgrade to the latest version to receive security fixes and improvements.

Security is a core goal of the ENC project. If you discover a security vulnerability, please report it responsibly and privately.

• Do NOT open a public GitHub issue for security vulnerabilities.
• Please report security issues by one of the following methods:
  • GitHub Security Advisories, or
  • Email the maintainer directly.

📧 Security Contact:
pranjalab@gmail.com

When reporting a vulnerability, please include:

• A clear description of the issue
• Steps to reproduce the vulnerability
• Potential impact (e.g., data exposure, privilege escalation)
• ENC version affected
• Any proof-of-concept or logs (if available)

• Initial acknowledgment within 72 hours
• Valid vulnerabilities will be investigated promptly
• You will be informed once the issue is fixed or if more information is required

• Please allow reasonable time for a fix before public disclosure
• Coordinated and responsible disclosure is highly appreciated
• Reporters may be credited for their findings (optional)

ENC is an open-source, security-focused project. We welcome:

• Independent security reviews
• Vulnerability research
• Suggestions to improve encryption, authentication, and execution isolation

If you are interested in collaborating on security improvements, feel free to reach out.

ENC is actively evolving, and security features—especially encrypted storage and RAM-only execution—are continuously being improved. Responsible disclosures help strengthen the project for everyone.