This project currently supports the latest code on the main branch.
Please do not open public issues for security vulnerabilities.
Use one of these private channels:
- GitHub Security Advisories for this repository
- Private contact to maintainers (if provided in project profile)
When reporting, include:
- A clear description of the issue
- Affected files or modules
- Reproduction steps or proof of concept
- Impact assessment
- Suggested remediation (if known)
- Initial acknowledgement: within 72 hours
- Triage decision: within 7 days
- Fix timeline: based on severity and exploitability
- Do not commit real credentials to the repository.
- Generated runtime artifacts should use environment variable placeholders for secrets.
- If secret leakage is suspected, rotate affected credentials immediately.