Thanks for helping keep Darkroom Engineering's projects and their users safe.

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, report them privately through GitHub's Private Vulnerability Reporting:

1. Go to the affected repository's Security tab.
2. Click Report a vulnerability.
3. Fill in the details and submit.

If private reporting is unavailable for a given repository, email tech@darkroom.engineering instead.

Please include, where possible:

• The affected project and version (or commit).
• A description of the issue and its impact.
• Steps to reproduce, or a proof of concept.
• Any suggested remediation.

• Acknowledgement of your report as soon as we're able.
• An assessment and, where the issue is confirmed, a fix and coordinated disclosure.
• Credit for your report, if you'd like it.

This policy applies to all repositories under the darkroomengineering organization unless a repository provides its own SECURITY.md, which takes precedence.