Security: ObzenFlow/obzenflow
ObzenFlow's Security Policy

The ObzenFlow project takes security seriously. If you believe you have found a security vulnerability, please report it responsibly so we can investigate and fix it.

Reporting a Vulnerability

Preferred: Use GitHub Security Advisories for private reporting (GitHub repo → Security → Report a vulnerability).

If private reporting is not available, open a GitHub issue asking for a private channel without including sensitive details (no exploits, tokens, customer data, or endpoint URLs).

What to Include

  • A clear description of the issue and potential impact
  • Steps to reproduce (ideally a minimal PoC)
  • Affected versions/commit SHA
  • Any relevant logs, screenshots, or configs (with secrets redacted)

Coordinated Disclosure

  • We aim to acknowledge reports with urgency.
  • We’ll provide a status update once we can reproduce and assess severity.
  • We’ll coordinate a fix and disclosure timeline with the reporter when possible.

Scope

In scope:

  • Vulnerabilities in this repository’s code and official release artifacts

Out of scope (generally):

  • Issues in third-party services or infrastructure outside this repo
  • Social engineering, phishing, physical attacks
  • Findings that require already-compromised credentials or local root/admin access

Supported Versions

Security fixes are typically applied to:

  • main (and the latest release, once releases are published)

Older versions may not receive patches; upgrading is recommended.