If you discover a security vulnerability in Muxy, please report it responsibly.

Do not open a public issue for security vulnerabilities.

Instead, please use GitHub's private vulnerability reporting to submit your report.

• A description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment within 48 hours
• A plan for a fix within 7 days for confirmed issues
• Credit in the release notes (unless you prefer to remain anonymous)

This policy applies to the Muxy application and its build tooling. For vulnerabilities in libghostty, please report them to the Ghostty project directly.