If you discover a security issue in this repository, please report it responsibly.

Contact: keith@keithcrawford.me
Web: keithcrawford.me/connect
GPG Key: Public Key (Key ID: 0xC4C53435)
Preferred Language: English

This repository contains code that is deployed or distributed. Security reports are welcome for:
- Authentication or authorization flaws
- Injection vulnerabilities (XSS, SQLi, command injection)
- Secrets, credentials, or API keys committed to the repository
- Dependency vulnerabilities with a known exploit path
- Server-side request forgery (SSRF) or insecure direct object references

Out of scope: Theoretical vulnerabilities without a demonstrated exploit path, social engineering, and denial-of-service attacks.

- Reports are acknowledged within 48 hours.
- Valid findings are addressed promptly. Fixes are prioritized by severity and exploitability.
- Responsible disclosure is appreciated. Please allow reasonable time for remediation before public disclosure.

If you report a valid finding and wish to be credited, let us know in your report. Credit is given in the fix commit or release notes unless you prefer to remain anonymous.