If you discover a security vulnerability within Crontinel, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please email us at security@crontinel.com. We aim to acknowledge reports within 48 hours and will work with you to understand and address the issue promptly.

For critical vulnerabilities, please encrypt your message using our PGP key (if available) or contact us urgently via email.

When submitting a vulnerability report, please include:

• Type of vulnerability (e.g., SQL injection, XSS, CSRF, etc.)
• Full paths of source file(s) related to the vulnerability
• Location of the affected source code (tag/branch/commit)
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Assessment of the impact and severity of the vulnerability

• We will acknowledge and respond to vulnerability reports within 48 hours
• We will keep you informed of the progress toward a fix
• We will credit you in the security advisory (unless you prefer to remain anonymous)
• We will publish a security advisory on GitHub when the vulnerability is remediated
• We will credit you in the release notes when the fix is included in a new version