If you discover a potential security vulnerability in this project, please report it privately to the maintainers at: support@devray.site.
When reporting, please include:
- Affected version(s) or commit hash
- A clear description of the vulnerability
- Steps to reproduce, PoC, or exploit if available
- Suggested mitigations (optional)
- Your contact information (optional)
Do NOT include sensitive information in public issues.
- Acknowledgement: We'll acknowledge receipt within 3 business days.
- Initial Triage: We'll triage and confirm severity within 7 days.
- Fix & Disclosure: We'll work with the reporter on a coordinated disclosure timeline, issue a patch, and publish advisory details once a fix is available.
We will coordinate with the reporter for public disclosure. If you prefer to remain anonymous, please state that in your report.
If the issue deserves a CVE, we will request one during the coordination process.