Please do not report security vulnerabilities in public GitHub issues.

Use GitHub's private vulnerability reporting for this repository when available. If that is not available to you, open a minimal GitHub issue asking for a private security contact without including exploit details, credentials, tokens, connection strings, database dumps, or screenshots containing secrets.

Helpful reports include:

• Affected DBX version or commit.
• Operating system and installation method.
• The impacted component, such as desktop app, Docker service, CLI, MCP server, or JDBC plugin.
• Steps to reproduce in a safe test environment.
• Impact assessment and any known workaround.

Security-sensitive areas include:

• Connection storage, config import/export, and encryption.
• Database credential handling.
• SSH tunnel and proxy handling.
• AI provider keys and OpenAI-compatible endpoint configuration.
• MCP and CLI access to local DBX connections.
• Docker web service authentication and data directory handling.

Please avoid testing against systems you do not own or have explicit permission to assess.