Skip to content

Security: tsouth89/ceiling

SECURITY.md

Security policy

Supported versions

Before Ceiling's first stable release, security fixes are made on the latest release and the main branch only.

Reporting a vulnerability

Please do not open a public issue for suspected vulnerabilities, exposed credentials, or private account data. Use GitHub's private vulnerability reporting for this repository instead. If that option is unavailable, contact the maintainer through the private contact method listed on the GitHub profile.

Include the affected version, a minimal reproduction, and the impact. Remove API keys, cookies, OAuth tokens, account identifiers, and unrelated personal data from logs or screenshots.

You should receive an acknowledgement within seven days. Confirmed issues will be coordinated privately until a fix or mitigation is available.

There aren't any published security advisories