Do not report vulnerabilities in public issues, pull requests, discussions, or commit comments.
Report suspected vulnerabilities privately to:
security@jorisjonkers.dev
Include:
- affected repository and commit, tag, or version
- concise impact description
- reproduction steps or proof of concept
- relevant logs with secrets and private data removed
Security reports are reviewed privately. Public disclosure, issue creation, and fix details are coordinated by Joris Jonkers after the risk is understood and a remediation path exists.
Only the current default branch and actively released packages or images are in scope. Archived repositories, old branches, and historical tags are not supported unless Joris Jonkers explicitly says otherwise.
Public visibility does not grant permission to use, copy, modify, deploy,
redistribute, or derive from this code. Repository licensing is governed by the
root LICENSE file.