Security: prabhatdotdev/mockery

SECURITY.md

Security Policy

Supported Versions

Version Supported
0.1.0

Reporting a Vulnerability

If you discover a security vulnerability in mockery, please report it responsibly.

Please do not open a public GitHub issue for security vulnerabilities.

Instead, use one of the following channels:

Include as much detail as possible:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix or mitigation (if any)

Disclosure Policy

We follow a coordinated disclosure process:

  1. We acknowledge receipt of your report within 48 hours.
  2. We investigate and validate the vulnerability.
  3. We work on a fix and prepare a security release.
  4. We release the fix and publicly disclose the vulnerability with appropriate credit after users have had time to update.

We aim to resolve critical vulnerabilities within 30 days of reporting.

Security Best Practices for Users

  • Run mockery on localhost or behind a firewall for local development only.
  • Do not expose the mockery UI port to the public internet in production.
  • Use strong, unique auth tokens if you enable the auth feature.

There aren't any published security advisories