Thank you for helping keep MCPLI and its users safe. We value responsible disclosure and ask that all security reports follow this policy.

We generally address security issues on the latest released version. Critical fixes may be backported at the maintainers’ discretion.

Please report vulnerabilities privately via GitHub Security Advisories:
- Go to the repository’s “Security” tab.
- Open “Advisories” and click “Report a vulnerability”.
- Provide a clear description, minimal reproduction steps, affected versions (if known), and potential impact. Avoid including sensitive data or exploitation details beyond what’s necessary to reproduce.

Do not open public issues or pull requests for security reports.

- We will review and acknowledge your report as promptly as we can.
- We may request additional information to reproduce and assess impact.
- Once a fix is ready, we will coordinate disclosure timing and release notes as appropriate.

- In scope: This repository’s source code and distributed packages labeled as MCPLI.
- Out of scope: Third‑party dependencies and components not maintained in this repository. Please report issues to the respective upstreams.

We support good‑faith security research. While testing, please:
- Do not exploit, disrupt, or degrade service for other users.
- Do not access, modify, or exfiltrate data you do not own.
- Comply with applicable laws and only test on systems you control or have permission to test.

For an end‑user‑oriented overview of MCPLI’s security characteristics (non‑sensitive), see the project’s Security Overview document.