Use this process for vulnerabilities, secrets exposure, unsafe defaults, privilege escalation paths, insecure examples or supply-chain concerns identified in Seppmail-API-PowerShell.
Do not open a public issue for:
- working exploit details
- customer-specific indicators
- credentials, tokens, certificates or keys
- screenshots that expose identities, tenants or endpoints
- Prepare a short report with affected files, suspected impact and reproduction steps.
- Include remediation ideas when available.
- Use the contact and disclosure routes documented in
SECURITY.mdandSUPPORT.md. - Coordinate a fix before public disclosure.
Evaluate reports against:
- confidentiality impact
- integrity impact
- availability impact
- exposure of privileged identities or administrative APIs
- likelihood of accidental misuse by operators
- commit reference
- affected example path
- configuration fragment
- expected secure behavior
- observed insecure behavior