This repository follows a responsible disclosure policy. If you discover a security vulnerability, please follow the steps below so maintainers can investigate and fix it safely.
- Email: 36832235+caveman8080@users.noreply.github.com -- PGP: Optional — include an encrypted message if you prefer. Public key (ASCII-armored) is provided below.
-----BEGIN PGP PUBLIC KEY BLOCK-----
xjMEYktY2RYJKwYBBAHaRw8BAQdAWAcpICWpZx8jdGC4YWlCir2VTPf0EZ31 43f3LaLsbPPNNWpvc2VwaC5jYXZlc2luYUBwcm90b24ubWUgPGpvc2VwaC5j YXZlc2luYUBwcm90b24ubWU+wo8EEBYKACAFAmJLWNkGCwkHCAMCBBUICgIE FgIBAAIZAQIbAwIeAQAhCRCnTAwqDwE5ohYhBHm7qu2qdl7jdHKL8adMDCoP ATmiWsIA/2pzODKu7f/WjtS5KFuQlprkYmPmikCSSub7vax7m3LeAP97XeAN dd5YOZFI/Cj0wW8fgks2VB3lWwiwfXZWe6RmBs44BGJLWNkSCisGAQQBl1UB BQEBB0CPlXpIRoTD2E3kXk0mIOJHHWEuHK+bDsLqO2MK1gXtAQMBCAfCeAQY FggACQUCYktY2QIbDAAhCRCnTAwqDwE5ohYhBHm7qu2qdl7jdHKL8adMDCoP ATmiAecBAMOPKxcdIhqDS+CwBtOw2fKFNkSz8vVs1PDXgPA1P6GNAQC1IsPx cJhSK8sOfMI3sGzxkDHoYjt0Izup782byIHfAg== =+B4r
-----END PGP PUBLIC KEY BLOCK-----
When reporting, please provide:
- A clear description of the issue and impact
- Step-by-step reproduction instructions and minimal test case (if possible)
- Affected versions/commit hashes
- Any suggested mitigations or fixes
Do not include exploit code or data that would enable an attacker to reproduce the vulnerability at scale. If you must provide a proof-of-concept, mark it clearly and send it encrypted.
We commit to the following timeline after receiving a valid report:
- 48 hours: Acknowledge receipt
- 14 days: Provide an initial triage and plan
- 90 days: Aim to publish a fix or coordinated disclosure timeline
If the vulnerability is actively being exploited or poses immediate risk, indicate that in your report and we will prioritize accordingly.
This policy covers the code in this repository and any artifacts in the build/ directory. It does not cover third-party dependencies; please report issues to the relevant upstream projects as well.
If you follow this policy and act in good faith to report security issues, we will not take legal action against you for the testing described in your report.
We will acknowledge researchers who responsibly disclose issues unless they request anonymity.