Thank you for helping keep telemetry-setup and its users safe.
Please do not report security vulnerabilities through public GitHub issues, pull requests, or discussion threads.
Instead, report them privately to the maintainer using one of the following channels:
- email:
code@matthiaswende.de - or, if available, the repository's private security advisory workflow on GitHub
Please include as much detail as possible:
- affected crate version(s)
- affected feature flags or runtime configuration
- a description of the issue and its impact
- reproduction steps or a minimal proof of concept
- any suggested mitigation or fix, if known
You will receive an acknowledgment as soon as practical. The goal is to confirm receipt within 7 days.
Because the crate is pre-1.0 and currently early in its release lifecycle, security fixes are generally provided only for the latest published release.
After a report is received, the maintainer will:
- validate and reproduce the issue
- assess severity and impact
- prepare and test a fix
- coordinate a release
- publish an advisory or release note once a fix is available
Please allow reasonable time for investigation and remediation before public disclosure.