Security fixes apply to the current master branch and tagged releases that
remain in active use.
Please do not report security vulnerabilities through public GitHub issues.
Send a private report to security@c3.do with:
- A short description of the issue
- Steps to reproduce or validate it
- Affected files, versions, or runtime behavior
- Any known exploitability or impact
The maintainers will acknowledge the report, triage the impact, and coordinate a fix before public disclosure when appropriate.
This repository uses:
gitleakssecret scanning- Go:
gosecstatic analysis andgovulncheckdependency/call-path scanning - Rust:
cargo denylicense/advisory checks andcargo auditvulnerability scanning - Per-ecosystem Dependabot updates (gomod, cargo, npm, pip, github-actions)