Please do not open a public GitHub issue for security vulnerabilities.
Email arunrajiah@gmail.com with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
| Milestone | Target |
|---|---|
| Initial acknowledgement | Within 48 hours |
| Confirmed or declined | Within 7 days |
| Patch released (confirmed vulnerabilities) | Within 14 days of confirmation |
| Public disclosure | 90 days after initial report, or after patch — whichever is sooner |
If a fix cannot be shipped within 90 days, we will coordinate public disclosure with the reporter before the deadline.