Security

SECURITY.md

Security Policy

Supported Scope

Security reports are accepted for actively used code in dev/ and critical deployment scripts.

Reporting a Vulnerability

Please do not open public issues for vulnerabilities.

Send a private report with:

impact summary
reproduction steps
affected paths/commits
suggested mitigation (if available)

Temporary contact channel: create a private communication request with project maintainers.

Response Targets

Initial acknowledgement: within 72 hours
Triage and severity assessment: within 7 days
Fix timeline: depends on severity and exploitability

Disclosure

Public disclosure should happen only after a fix or mitigation is available.

There aren’t any published security advisories