Security: coretsia/website

SECURITY.md

Security Policy

Scope

This repository contains the public Coretsia website implementation, website content, visual assets, accepted website decision records, and deployment-related configuration.

Security reports for this repository should relate to the website repository itself.

Examples:

  • exposed secrets;
  • unsafe deployment configuration;
  • vulnerable website dependencies;
  • cross-site scripting risks;
  • unsafe handling of generated content;
  • incorrect security headers;
  • supply-chain risks in website tooling.

Framework runtime vulnerabilities should be reported in the relevant Coretsia framework repository or security channel.

Supported versions

The website is currently in early development.

Until the first public website release, security fixes are handled on the default branch.

Reporting a vulnerability

Do not open a public issue for a suspected security vulnerability.

Use GitHub private vulnerability reporting if it is enabled for this repository. If it is not enabled, contact the maintainers privately through an appropriate project-maintainer channel.

Include as much detail as possible:

  • affected file, page, dependency, or configuration;
  • reproduction steps;
  • expected impact;
  • suggested mitigation, if known.

Public disclosure

Please do not publicly disclose a vulnerability before maintainers have had reasonable time to investigate and prepare a fix.

Non-security issues

General bugs, content problems, visual defects, and implementation tasks should be reported through normal GitHub issues.
