The GenDI team takes security seriously. If you discover a security vulnerability, please do not open a public GitHub issue. Instead, follow the responsible disclosure process below.
- Email: Send details to the maintainer at the email address listed on the GitHub profile.
- Subject line: Use the format `[SECURITY] <brief description>`.
- Include:
  - A description of the vulnerability and its potential impact.
  - Steps to reproduce (proof-of-concept code is helpful).
  - Any suggested mitigations or fixes.
- Acknowledgement: Within 72 hours.
- Assessment: Initial assessment within 7 days.
- Fix and Disclosure: Patch released within 30 days of a confirmed vulnerability.
This policy applies to the GenDI NuGet package and the source code in this repository.
The following are out of scope:
- Vulnerabilities in third-party dependencies (report those to their maintainers).
- Issues already publicly disclosed before the report is submitted.
Thank you for helping keep GenDI and its users safe!