| Version | Supported |
|---|---|
| latest | Yes |
If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public GitHub issue
- Use GitHub's private vulnerability reporting or reach out via GitHub issues with a general heads-up
- Include steps to reproduce
- Allow reasonable time for a fix before disclosure
We aim to respond within 48 hours and provide a fix within 7 days for critical issues.
Void operates on the filesystem and can delete files. The following safety measures are built in:
- Blocked paths: Critical directories (
.ssh,.gnupg,.aws,Documents,Desktop, etc.) are never touched - Sentinel detection: Directories containing
.env,credentials,secrets.yaml, or key files are automatically blocked - Risk levels: Every action is classified as Safe, Caution, or Danger
- Symlink awareness: Symlinked paths are automatically escalated to Caution risk
- User-configurable blocklist: Additional paths can be protected via configuration