| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| 0.x.x | ❌ |
We take security seriously. If you discover a security vulnerability, please report it responsibly.
- Email: Send details to security@vpnht.com with
[Security]in the subject - PGP: Use our PGP key (see below for fingerprint)
- Expected Response Time: 48 hours
- Bounty: Eligible for security vulnerability rewards
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Suggested fix (if any)
- Do not disclose publicly before a fix is released
- Do not test on production systems without permission
- Do not access data that isn't yours
- Do not perform DoS attacks
- ✅ End-to-end encryption for VPN connections
- ✅ Kill switch prevents data leaks
- ✅ DNS leak protection
- ✅ IPv6 blocking to prevent leaks
- ✅ No-logs policy
- ✅ Signed binaries for all platforms
- ✅ Reproducible builds
- ✅ Dependency auditing with Dependabot
- ✅ Code signing verification in CI/CD
- ✅ HSM-backed certificate storage
- ✅ Automatic updates with signature verification
- ✅ Secure update channels (TLS 1.3)
Fingerprint: YOUR_PGP_FINGERPRINT_HERE
Key ID: YOUR_KEY_ID
Download: https://vpnht.com/pgp-key.asc
Published advisories: https://github.com/VPNht/desktop/security/advisories
We thank the following researchers who have responsibly disclosed vulnerabilities:
(Last updated: 2024)