Please report security vulnerabilities privately. Do not open a public issue for a security report.
Use GitHub's private vulnerability reporting: open the repository's Security tab and choose Report a vulnerability. This creates a private advisory visible only to the maintainers.
When reporting, please include:
- a description of the issue and its impact,
- the steps or a proof of concept needed to reproduce it,
- the affected version or commit, and
- any suggested remediation, if you have one.
You can expect an acknowledgement within a few days. We will confirm the issue, keep you informed of progress, and coordinate disclosure once a fix is available.
Tollgate is in early development and does not yet publish stable releases.
Security fixes are applied to the main branch.