Please report security vulnerabilities through GitHub Security Advisories or by sending an email to security@openshelf.org.

We will respond to your report within 48 hours and provide regular updates on the investigation and remediation process. Please include a summary, impact, reproduction steps, affected versions, and reporter contact in your report. Accepted vulnerabilities will be fixed and publicly disclosed in coordination with you. If a reported issue is determined not to be a security vulnerability, we will provide an explanation.