Currently supported versions of Tickit with security updates:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We take the security of Tickit seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do NOT report security vulnerabilities through public GitHub issues.
Send your report to: dodo03@khu.ac.kr
Please include the following information in your report:
- Type of issue (e.g., authentication bypass, data exposure, cross-site scripting, etc.)
- Full paths of source file(s) related to the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Impact of the issue, including how an attacker might exploit it
- You will receive a response from us within 48 hours acknowledging your report.
- We will confirm the issue and determine its severity.
- We will send you regular updates about our progress.
- After we fix the issue, we may ask you to verify the fix.
We do not currently offer a bug bounty program.
Tickit uses third-party Flutter packages. While we regularly update our dependencies to patch known vulnerabilities, we encourage users to report vulnerabilities they find in our dependencies.
We aim to resolve reported security issues within 90 days. We request that you do not publicly disclose the issue until we have released a fix.