This document explains how to report vulnerabilities for imgsrv and which
versions receive security attention.

imgsrv has not shipped a stable release yet. Until a release support policy is
published, security fixes are handled on the default branch.

Report vulnerabilities privately through GitHub private vulnerability reporting:
https://github.com/meigma/imgsrv/security/advisories/new

Do not use public GitHub issues, pull requests, discussions, chat channels, or other public forums for vulnerability reports.

When reporting a vulnerability, include as much of the following as possible:
- affected version, commit, or deployment identifier
- a description of the issue and the security impact
- steps to reproduce or a minimal proof of concept
- any relevant logs, screenshots, or traces
- any suggested mitigations or fixes, if available

Meigma reviews vulnerability reports through GitHub Security Advisories. This project does not currently publish fixed acknowledgement or remediation timelines.