If you discover a security vulnerability, please report it privately:
- Do not open a public issue
- Email the maintainer directly or use GitHub's private vulnerability reporting

We will respond within 48 hours and work with you to understand and address the issue.

We provide security updates for the latest major version of each project.

Our projects follow these security practices:
- Dependencies are regularly updated via Dependabot
- CodeQL SAST runs on all pull requests
- golangci-lint with gosec checks enabled