The project is currently pre-1.0, so security fixes are applied to the latest main/master branch and the latest published crate release.
If you are using an older revision, upgrading first is the safest path.
If you believe you have found a security issue in actix-web-csp, please avoid opening a public issue right away.
Send a private report with:
- a short description of the issue
- impact and affected configuration, if known
- reproduction steps or a minimal example
- any suggested remediation or mitigation
Until a dedicated security contact is added, please use the repository contact information on GitHub and clearly mark the message as a security report.
- We will try to acknowledge the report quickly.
- We may ask follow-up questions or request a reduced reproduction.
- Once a fix is ready, we will coordinate disclosure and release notes as responsibly as possible.