Security policy — Linked SLA Alerts

Vulnerability disclosure for the Linked SLA Alerts Atlassian Forge app.

Last updated: March 2026

Supported versions

Only the latest published version of Linked SLA Alerts on the Atlassian Marketplace is supported for security fixes and coordinated disclosure. Please ensure you are on the current listing version before reporting.

Reporting a vulnerability

Send reports only to techcache@proton.me (private email). Do not open public GitHub issues, post to a public tracker, or expect a public filing—we treat findings confidentially through this channel. You are not required to publish vulnerability details.

Email techcache@proton.me with:

A description of the vulnerability
Steps to reproduce
Potential impact
Any suggested fixes (optional)

Our response commitment

Acknowledge your report within 5 business days
Provide a status update within 10 business days
Resolve the issue or formally accept the risk within 30 business days, depending on severity and practical constraints (we will communicate if timelines need to adjust)

Disclosure policy

We follow coordinated disclosure. Please do not publicly disclose details before a fix is available, unless 90 days have passed without a substantive response from us—in which case you may disclose responsibly. We appreciate working with reporters to protect users.

Scope

In scope: Security vulnerabilities in the Linked SLA Alerts Forge app (as distributed via the Atlassian Marketplace).

Out of scope for technical vulnerability reports: The static GitHub Pages site (techcache.github.io) and general use of the support email (e.g. routine support mail handling). If you find something that is clearly abuse of those channels, you may still email techcache@proton.me with a short description.

Contact

techcache@proton.me

For a customer-facing security overview (architecture, data handling, incident response), see Security Overview.

← Tech Cache home