Security: marcelositr/notae

SECURITY.md

Security Policy

Supported Versions

Currently supported versions of Notae:

Version Supported
0.1.x
< 0.1

Only the latest stable version receives security updates.

Security Scope

Notae is an offline encrypted note CLI tool. The main security areas include:

  • AES-256 encryption implementation
  • Password handling
  • Note storage format
  • File permissions
  • Export functionality

Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly.

DO NOT open a public issue for security vulnerabilities.

Instead, use one of these channels:

  • GitHub private vulnerability reporting (preferred)
  • Open a Security Advisory
  • Contact: marcelost@riseup.net

What to include

Please include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (optional)

Response policy

What you can expect:

  • Acknowledgement: within a few days
  • Investigation if confirmed
  • Fix in next release if valid
  • Credit if you want recognition

Security practices

Notae follows these principles:

  • No telemetry
  • No cloud sync
  • No hidden network activity
  • Local encryption only
  • Open source transparency

Known limitations

Notae does NOT protect against:

  • Compromised systems
  • Keyloggers
  • Attackers with root access
  • Weak user passwords

Security depends on proper Linux system security.

Disclosure policy

Please allow time for a fix before public disclosure. Responsible disclosure helps protect users.

There aren’t any published security advisories