Email security@proofly.dev with:
- A description of the vulnerability
- Steps to reproduce
- Affected version(s) and environment
- Your contact for follow-up

Do not open a public GitHub issue.

| Step | Target |
|---|---|
| Acknowledgement | 24 hours |
| Triage + severity rating | 72 hours |
| Patch released | Critical: 7 days · High: 14 days · Medium: 30 days |

| Package | Supported |
|---|---|
| All @ledgermem/* SDKs | latest minor + previous minor |
| ledgermem-mcp | latest only |
| Self-hosted (ledgermem-enterprise) | latest two minor releases |

We publish CVEs via GitHub Security Advisories on the affected repo.
Out of scope until SOC 2 Type II is in place (target Q1 2027). We acknowledge reporters publicly with permission.