Security fixes are provided for the latest published minor version.
Do not open a public issue for security reports.
Email security reports to security@tryrival.ai with:
- affected package version or commit
- reproduction steps
- potential impact
- any logs or request examples that do not include secrets
Never commit Rival API keys, customer data, production database snapshots, private regulatory workspaces, or internal credentials.