We actively monitor and fix security vulnerabilities. Please ensure you are running the latest version of the application.
| Version | Supported |
|---|---|
| >= 1.0.0 | ✅ |
| < 1.0.0 | ❌ |
If you discover a security vulnerability within Tchik (or any related repositories), please do not open a public issue. Instead, follow the responsible disclosure process below:
Send a detailed email to bienfaitshm@gmail.com with the subject line `[TCHIK SECURITY VULNERABILITY] <Short Description>`.
To help us triage and resolve the issue quickly, please provide:
- A clear description of the vulnerability and its potential impact.
- Step-by-step instructions to reproduce the issue (PoC / Proof of Concept).
- If available, any suggested fixes, code snippets, or patch files.
- Your name/handle if you wish to be credited publicly once fixed.
- Acknowledgment: We will acknowledge receipt of your report within 48 to 72 hours.
- Evaluation: Our team will evaluate the impact and coordinate a fix. We will keep you updated throughout the process.
- Resolution: Once a fix is verified, we will release a new version. We will credit you in our release notes for your responsible disclosure.
Please do not disclose the vulnerability publicly (including in public repositories, blogs, or social media) until a security patch has been officially released. This protects users from active exploitation.
Once a fix is published—or if we mutually determine that the issue does not pose a threat—you are free to publicly disclose it.
Thank you for helping keep our software and users safe! 🙏