This project is actively maintained on the main branch.
If you discover a security vulnerability, do not open a public issue.
Instead:
- Email: your-email@example.com
- Or contact via GitHub profile
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if possible)
- Initial response within 48 hours
- Fix timeline depends on severity
This policy covers:
- Application code
- Dependencies
- Deployment configuration
- Avoid testing vulnerabilities on production deployment
- Responsible disclosure is expected