QtPass is actively maintained and security updates are provided for the latest releases. Older versions are not supported.

| Version | Supported |
|---|---|
| 1.5.x | ✅ |
| < 1.5 | ❌ |

If you discover a security vulnerability in QtPass, please report it responsibly:
- Do NOT create a public GitHub issue for security vulnerabilities
- Do email the maintainer directly at: help@qtpass.org
- Alternative: Open a private security advisory via GitHub
- Include in your report:
  - Description of the vulnerability
  - Steps to reproduce the issue
  - Potential impact assessment
  - Any suggested fixes (optional)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 days
- Fix timeline: Depends on severity; critical issues are prioritized

QtPass is a GUI for pass, the standard Unix password manager. Keep in mind:
- QtPass does not encrypt passwords - encryption is handled by GPG
- Passwords are stored in your local password store (typically ~/.password-store)
- QtPass requires GPG to be installed and configured on your system
- The clipboard is cleared after a configurable timeout (default: 45 seconds)

QtPass depends on:
- Qt6 (primary; use qmake6) - GUI framework
- Qt5 (5.15+, legacy; use qmake) - GUI framework
- GPG (gpg2) - encryption
- pass (optional) - password store CLI
- Git (optional) - version control

Ensure your system dependencies are kept up to date for security patches.