securebit-chat/SECURITY_DISCLAIMER.md
lockbitchat cf36656341
release: v4.8.13 message integrity & transport hardening
Bumps version to 4.8.13 across package.json, package-lock.json, manifest.json,
index.html, meta.json, README, SECURITY_DISCLAIMER, the site header and the
in-app init banner (previously desynced at 4.8.10/4.8.11/4.8.12).

Ships the security-review fixes already on main:
- removed the over-broad send-path keyword blocklist that silently rejected
  legitimate messages (real XSS defense remains receive-side DOMPurify)
- preserve newlines/tabs/indentation in outgoing message sanitization
- stop logging raw AAD (sessionId + keyFingerprint) on validation failure
- add Strict-Transport-Security and Permissions-Policy headers
- add outgoing-message-integrity regression tests
2026-06-18 17:08:59 -04:00

Security Disclaimer and Terms of Use

SecureBit.chat is provided as open-source software for lawful private communication, research, and education. It is supplied as is, without warranties of any kind.

User responsibilities

By using SecureBit.chat, you are responsible for:

  • complying with applicable laws and organizational policies
  • securing your devices and browser environment
  • verifying SAS codes through an out-of-band channel
  • understanding that endpoint compromise can defeat application-layer protections
  • configuring TURN correctly when relay-only privacy mode is required

Security limitations

No communication system can guarantee absolute security. SecureBit.chat reduces risk through encrypted transport, mandatory peer verification, explicit file-transfer consent, local metadata protection, and lifecycle cleanup, but it cannot protect against compromised devices, malicious users with physical access, or incorrect operational practices.

Intended use

SecureBit.chat is intended for legitimate private communication, journalism, research, education, business confidentiality, and personal privacy. It is not intended to facilitate unlawful activity, abuse, harassment, or harm.

Current release

  • Product release: v4.8.13
  • Protocol version: 4.1
  • Last updated: May 17, 2026