GitHub's bots crawl native-link to detect security vulnerabilities wherever possible.

TraceMachina and the native-link authors place a high emphasis on fixing any vulnerabilities. Please send a report if something doesn't look right.

At the moment no version of native-link is officially supported. Consider using the latest commit on the main branch until official production binaries are released.

Prefer reporting vulnerabilities via GitHub.

If you'd rather communicate via email please contact blaise@tracemachina.com, marcus@tracemachina.com, blake@tracemachina.com or aaron@tracemachina.com.

See Advisories for publicly disclosed vulnerabilities.