xpack maintains a responsible disclosure process. If you discover a security issue, please report it privately so we can fix it before public disclosure.

Send an email to ankansahaofficial@gmail.com including:

1. A description of the issue
2. Steps to reproduce (or a test case)
3. The xpack version (see VERSION) and environment details
4. Any suggested mitigation, if available

Do not open a public GitHub issue for an unreported vulnerability.

• Acknowledgement within ~48 hours
• Triage and validation
• Fix scheduled and released; coordinated disclosure if appropriate

• Verify and test binaries before packaging
• Review included scripts and service files before installing packages
• Use signed artifacts and cryptographic verification where possible

Thank you for helping keep xpack users safe.