Vulnerabilities in rxds should be reported privately.

If you believe you've found a security issue in rxds:

• Email security@vanderstap.info
• Include "SECURITY" and "rxds" in the subject line
• Provide:
  • A description of the issue
  • Steps to reproduce
  • Any proof-of-concept code or logs
  • The version(s) of rxds you tested against

Do not open a public GitHub issue for security vulnerabilities.

1. Acknowledgement within 5 working days.
2. Investigation: confirm the problem, determine affected versions, audit related code.
3. Fix and release as quickly as reasonably possible.
4. Optional credit in changelog or release notes if you wish.

Give us reasonable time to investigate and fix before public disclosure. Coordinated disclosure protects everyone who uses rxds.