Please do not open a public issue for a suspected vulnerability.
Use GitHub's private vulnerability reporting on this repository, or email hello@difflore.dev. Include the affected version or commit, reproduction steps, and expected impact.
We respond to vulnerability reports within 48 hours. Please include an email address or GitHub handle where we can coordinate privately.
For issues that affect customer or contributor data, DiffLore mirrors the cloud security commitments:
- Acknowledge researcher/customer reports within 48 hours.
- Notify affected customers within 72 hours of confirming a data-impacting incident.
- Publish a public post-mortem within 30 days of resolution when public disclosure is appropriate.
Security fixes target the current main branch and the latest released difflore-cli version.