If you discover a security vulnerability in Corelay Mesh, please report it responsibly.
Email: security@corelay.dev
Do not open a public GitHub issue for security vulnerabilities.
- We will acknowledge your report within 72 hours.
- We will provide an initial assessment within 7 days.
- We will coordinate disclosure with you before publishing any fix.
- We will credit you in the advisory (unless you prefer anonymity).
This policy covers the @corelay/mesh-* packages in this repository. For vulnerabilities in the SafeVoice product or Corelay Studio, email the same address — we will route internally.
Mesh is pre-1.0. We apply security fixes to the latest commit on main. There are no backport branches yet.
| Version | Supported |
|---|---|
main (latest) |
✅ |
| Older commits | ❌ |