If you discover a security vulnerability in crumbls/subscriptions, please email security@crumbls.com rather than opening a public GitHub issue.
Include:
- A clear description of the vulnerability.
- Steps to reproduce (a failing test is ideal).
- The affected version(s).
You'll get an acknowledgement within 72 hours, and we will coordinate a fix and disclosure timeline with you.
Only the latest 1.x release receives security patches. Older 0.x releases are considered unsupported.