If you discover a security vulnerability, please report it by emailing [email protected] or by opening a private issue on GitHub. Do not disclose security issues publicly until they have been reviewed and patched.

• Please include as much detail as possible to help us reproduce and address the issue quickly.
• We aim to respond to security reports within 7 days.

• Always use the latest version of FitFileViewer.

• Keep all dependencies up to date. The current major dependencies and their versions are:

  Dependency	Version
  electron	36.2.0
  electron-builder	^26.0.15
  electron-store	^10.0.1
  electron-updater	^6.6.4
  @garmin/fitsdk	^21.171.0
  eslint	^9.26.0
  jest	^29.7.0
  vitest	^3.1.3

• Do not open files from untrusted sources.

• If you use a custom build, ensure your dependencies are up to date.

We appreciate responsible disclosure of security issues and will credit reporters in our release notes if desired.