Security: jsrivaya/loon

Security Policy

Supported Versions

Version Supported
0.1.x

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

How to Report

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via one of the following methods:

  1. GitHub Security Advisories (Preferred)

    • Go to the Security tab
    • Click "Report a vulnerability"
    • Fill out the form with details

  2. Email

What to Include

Please include the following information in your report:

  • Type of vulnerability (e.g., buffer overflow, memory leak)
  • Location of the affected code (file path and line numbers)
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact assessment

Response Timeline

  • Initial Response: Within 48 hours
  • Status Update: Within 7 days
  • Resolution Target: Within 30 days (depending on complexity)

Disclosure Policy

  • We will acknowledge receipt of your report within 48 hours
  • We will work with you to understand and validate the issue
  • We will keep you informed of our progress
  • Once fixed, we will publicly acknowledge your contribution (unless you prefer anonymity)
  • We follow coordinated disclosure practices

Safe Harbor

We consider security research conducted in accordance with this policy to be:

  • Authorized and not unlawful
  • Helpful to the security of our users
  • Conducted in good faith

We will not pursue legal action against researchers who follow this policy.

Security Best Practices for Users

When using loon in your projects:

  • Always use the latest version
  • Review the CHANGELOG for security-related updates
  • Report any suspicious behavior

There aren’t any published security advisories