If you discover a security vulnerability, please report it responsibly.
Do not open a public issue.
Email: security@reflective.se
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation plan within 7 days.
Only the latest release on main is actively supported with security updates.