Please do not disclose security vulnerabilities in public Issues or Discussions.
Report vulnerabilities privately to:
- Email:
security@glofter.example(replace with your real security contact)
When reporting, please include:
- Affected component and version
- Reproduction steps or proof of concept
- Potential impact
- Suggested mitigation (if available)
- Initial response target: within 3 business days
- Status updates: provided during triage and fix progress
- Public disclosure: after a fix is available and coordinated
This policy applies to the glofter-hub repository and related releases.