We take the security of caddy-waf seriously. If you find a vulnerability, please report it!

Please do NOT open a public issue on GitHub. Instead, report the vulnerability via:

1. Email: Send the details to the maintainer (fabrizio.salmi@gmail.com).
2. GitHub Private Advisory: Open a private advisory draft on this repository if you have permissions, or contact the maintainer to enable it.

When reporting a vulnerability, please include:

• A description of the vulnerability.
• Steps to reproduce the issue (PoC code is helpful).
• Impact of the vulnerability.
• Affected versions.

• We will acknowledge your report within 48 hours.
• We will provide an estimated timeline for the fix within 1 week.
• We will release a patch as soon as possible.

We will credit you in the release notes and changelog for responsibly disclosing vulnerabilities, unless you prefer to remain anonymous.