Security fixes are provided for the latest released version.
If you are using an older version, please upgrade to the latest release before reporting an issue (unless the vulnerability prevents upgrading).
Please do not open a public GitHub issue for security vulnerabilities.
Instead, report security issues privately using one of the following:
- GitHub Security Advisories (preferred):
  - Go to the repository’s Security tab → Advisories → Report a vulnerability.
- Email (if Advisories are not available for you):
  - Send details to: security@huntridgelabs.com
If you are unsure whether something is a security issue, please report it anyway.
To help us validate and fix the issue quickly, include:
- A clear description of the vulnerability and its impact
- Steps to reproduce (proof-of-concept code or workflow configuration if possible)
- Affected versions / commit SHA(s)
- Any relevant logs, screenshots, or scanner output (redact secrets)
- Your suggested fix or mitigation (if you have one)
- Do not include real secrets/tokens in reports.
- If you discovered exposed credentials, revoke/rotate them immediately and tell us what was exposed (type/scope), not the secret itself.
After receiving a report, we aim to:
- Acknowledge within 3 business days
- Triage and confirm impact as quickly as possible
- Coordinate a fix and release
We will work with you on a coordinated disclosure timeline. Please allow time for patch development and release before publicly disclosing details.
Security fixes will typically be released as a new tagged version. Where appropriate, we may also publish a GitHub Security Advisory describing affected versions and mitigations.