zwgsl is a compiler and tooling project. Security-relevant reports can include compiler crashes on untrusted shader input, memory safety issues in the native library or C API, malformed LSP message handling, and playground behavior that could expose users to unsafe content.
There are no tagged releases yet. Until the first release is cut, security fixes
target the main branch.
Please do not open a public issue with exploit details.
Use GitHub's private vulnerability reporting for this repository if it is available. If private reporting is not available, open a public issue that asks for a security contact without including sensitive details, reproduction steps, or proof-of-concept input.
Include these details in the private report when possible:
- affected component: compiler, CLI, LSP, C API, playground, or VS Code extension
- version, commit, or branch tested
- platform and tool versions
- minimal input or message sequence needed to reproduce the issue
- expected impact and whether the issue is already public
Maintainers should acknowledge private reports when they can, reproduce the
issue, prepare a focused fix, and coordinate disclosure timing with the reporter.
When a fix is user-visible, add an entry to CHANGELOG.md.