If you discover a security vulnerability in Stoneforge, please report it responsibly.

Do not open a public issue.

Instead, email: security@stoneforge.ai

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Any suggested fixes (optional)

• Acknowledgment: Within 48 hours
• Initial assessment: Within 1 week
• Fix timeline: Depends on severity, typically within 30 days

We consider security research conducted in good faith to be authorized. We will not pursue legal action against researchers who:

• Make a good faith effort to avoid privacy violations and data destruction
• Report vulnerabilities promptly
• Allow reasonable time for remediation before public disclosure

Only the latest release is actively supported with security updates.