Security

SECURITY.md

Security Policy

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security vulnerability, please follow these steps:

1. Do NOT create a public GitHub issue

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

2. Report privately

Send an email to: [email protected]

Include the following information:

Description of the vulnerability
Steps to reproduce the issue
Potential impact
Any suggested fixes or mitigations

3. Response Timeline

Initial Response: Within 48 hours
Status Update: Within 7 days
Fix Timeline: Critical issues within 30 days, others within 90 days

4. Disclosure Policy

We will acknowledge receipt of your vulnerability report
We will investigate and validate the issue
We will work on a fix and coordinate disclosure
We will credit you for the discovery (if desired)

Acknowledgments

We appreciate the security research community and will acknowledge researchers who report vulnerabilities responsibly.

There aren’t any published security advisories