Shuck is pre-1.0. Only the latest published release receives security updates. If you are running an older version, please upgrade before reporting a security issue.

Please do not open a public GitHub issue for security problems.

Report vulnerabilities privately via GitHub private vulnerability reporting — open a report on this repository.

Please include:

• A description of the issue and its impact.
• Reproduction steps or a proof-of-concept script.
• The affected shuck version(s) and platform.

We aim to acknowledge reports within three business days and will keep you informed as a fix progresses. We follow coordinated disclosure: please allow a reasonable window for a fix and a release before any public discussion of the issue. Unless you ask otherwise, reporters are credited in the release notes for the fix.