If you discover a security vulnerability in Harbangan, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, email the maintainer directly at the address listed in the repository profile. Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
You should receive a response within 72 hours. We will work with you to understand the issue and coordinate a fix before any public disclosure.
Only the latest release on the main branch receives security updates.
This policy covers:
- The Harbangan API gateway (backend)
- The web UI (frontend)
- Docker and deployment configurations
- CI/CD pipelines
Third-party dependencies are monitored via Dependabot.