Please do not report security vulnerabilities in public Issues or Discussions.
Report vulnerabilities privately to:
- Email:
security@glofter.example(replace with your real security contact)
Please include:
- Affected component and version
- Reproduction steps or proof of concept
- Potential impact
- Suggested mitigation (optional)
- Initial response target: within 3 business days
- Ongoing updates: during triage and patching
- Public disclosure: after fix release and coordination
This policy applies to the glofter-studio repository and related releases.