Please do not open a public GitHub issue for suspected security problems.
Use private reporting where possible:
- Open a private GitHub security advisory for this repository, if that option is available.
- If private advisory reporting is not available, contact the repository maintainers through a non-public channel before disclosing details publicly.

Include:
- a short description of the issue
- affected area or file paths
- reproduction steps
- impact assessment
- any suggested remediation, if you have one

This repository is maintained on a best-effort basis. Response and remediation timing may vary, but private reports are preferred so issues can be assessed before public disclosure.

- The backend handles authentication, API keys, email-based auth flows, and database-backed spatial data.
- The frontend currently has less automated coverage than the backend, so reports that include reproduction steps are especially helpful.