We take the security of our project seriously and appreciate your efforts to help us keep it safe.
If you believe you have found a security vulnerability, please do not report it via a public GitHub issue. Instead, please:

- send an email to nv0n@coloradomesh.org, or
- DM nv0n on our Discord.

To help us investigate and triage the issue as quickly as possible, please include:
- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting).
- Full paths of source files related to the manifestation of the issue.
- Step-by-step instructions to reproduce the vulnerability.
- Proof-of-concept or exploit code (if possible).
- Impact of the issue, including how an attacker might exploit it.

We strive to respond to all reports within 48 hours. Once we confirm a vulnerability, we will work to address it and keep you updated on the expected timeline for a patch.

We currently provide security updates only for the code in the `main` branch and the latest release.

We encourage responsible disclosure. Please do not make any security vulnerability public until we have had sufficient time to evaluate, patch, and deploy a fix.