# Security Policy
If you discover a security vulnerability in this project, please report it to us responsibly.
Preferred contact: <[email protected]> (replace with your contact or a URL)
We will respond within 72 hours and work with you to remediate the issue. Do not publicly disclose vulnerabilities until they have been resolved.
Report contents
- Summary of the issue
- Affected versions/components
- Steps to reproduce
- Impact assessment
- Suggested mitigation or patch (if available)
- Your contact information
If you need to send sensitive information, see our PGP key in SECURITY/PGP_KEY.txt or encrypt with the provided PGP key.