We provide security updates for the following versions of Refreshable:

If you discover a security vulnerability in Refreshable, we appreciate your help in disclosing it responsibly.

Please report security vulnerabilities by emailing duchoang.vp@gmail.com with:

• A clear description of the vulnerability
• Steps to reproduce the issue
• Potential impact assessment
• Any suggested fixes (if available)

• Initial Response: We aim to acknowledge receipt within 48 hours
• Assessment: We'll assess the vulnerability within 5 business days
• Updates: We'll provide regular updates on our progress
• Resolution: We'll work to fix the issue as quickly as possible

To protect our users, we ask that you:

• Do not publicly disclose the vulnerability until we've had time to address it
• Do not exploit the vulnerability beyond what's necessary for proof-of-concept
• Do not access or modify other users' data

We're grateful for security researchers who help keep Refreshable safe. With your permission, we'll:

• Credit you in our security advisory
• Add your name to our acknowledgments (if you prefer)

The following are typically not considered security vulnerabilities:

• Issues in deprecated versions (< 1.2)
• Theoretical vulnerabilities without proof-of-concept
• Issues that require physical access to the device
• Social engineering attacks
• Issues in third-party dependencies (please report to the respective maintainers)

When using Refreshable in your applications:

• Always validate data received from network requests
• Implement proper error handling for failed requests
• Use HTTPS for all network communications
• Sanitize user input before displaying

• Be cautious with custom animators that might expose sensitive information
• Consider using isPrivate flags for sensitive content during refresh operations
• Implement appropriate loading states to prevent UI confusion

• Use weak references to avoid retain cycles
• Properly clean up observers and delegates
• Monitor memory usage during intensive refresh operations

For security-related questions or concerns:

• Email: duchoang.vp@gmail.com
• Subject: [Security] Your question here

For general questions, please use our regular support channels.

Thank you for helping keep Refreshable and its users safe! 🔒