If you discover a security vulnerability in any ZenHive project, do not open a public issue.
Instead, report it privately via GitHub Security Advisories on the affected repository, or contact the maintainers directly.
Security concerns include but are not limited to:
- Authentication or signing pattern vulnerabilities
- Credential exposure risks
- Injection vulnerabilities
- Dependencies with known CVEs
We aim to acknowledge security reports within 48 hours and provide a fix or mitigation plan within 7 days for confirmed vulnerabilities.
Only the latest release of each project receives security updates.