Please report a vulnerability privately by opening a GitHub Security Advisory draft for this repository:
Do not open a public issue for an unpatched vulnerability.
When reporting, include:
- affected branch or commit
- reproduction steps
- impact assessment
- any proof-of-concept input or sanitized logs needed to reproduce safely
Avoid sending secrets, production credentials, or copyrighted third-party source documents in reports.
- develop: actively maintained integration branch
- main: stable release branch
Security fixes should target the appropriate Git Flow branch and be
back-merged when required by docs/workflow/git-flow.md.
- acknowledgement target: within 7 days
- triage/update target: within 30 days when a fix is feasible
- coordinated disclosure preferred after a fix or mitigation is available
- use synthetic fixtures whenever possible
- keep private reference inputs out of the repository
- provide sanitized evidence that preserves reproducibility without exposing sensitive data