We take security seriously. If you discover a security vulnerability in ClearPipe, please email us directly instead of using the public issue tracker.

Please do not disclose security vulnerabilities publicly.

Send an email to the project maintainers with:

1. A description of the vulnerability
2. Steps to reproduce (if applicable)
3. Potential impact
4. Suggested fix (if you have one)

We will:

• Acknowledge receipt of your report within 48 hours
• Provide an estimated timeline for a fix
• Keep you informed of our progress
• Credit you in the security advisory (if you wish)

We provide security updates for the following versions:

When using ClearPipe:

• Keep your dependencies updated
• Follow the principle of least privilege
• Review any custom node implementations for security issues
• Report any suspicious activity or potential vulnerabilities

Security fixes will be released as soon as possible after verification and testing. Critical vulnerabilities will receive priority treatment.