Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them via email to: erdemarslan@ymail.com

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Initial Response: Within 48 hours
• Status Update: Within 7 days
• Resolution Target: Within 30 days (depending on severity)

1. Acknowledgment: We will confirm receipt of your report
2. Investigation: We will investigate and validate the issue
3. Communication: We will keep you informed of our progress
4. Credit: We will credit you in security advisories (unless you prefer anonymity)

When deploying MindFry:

1. Network Isolation: Run on internal networks only; do not expose to public internet without authentication proxy
2. Firewall Rules: Restrict port 9527 access to trusted clients only
3. Resource Limits: Configure maxFrameSize to prevent memory exhaustion attacks
4. Monitoring: Enable logging and monitor for unusual connection patterns

• No Built-in Authentication: MFBP protocol does not include authentication. Use network-level security.
• No Encryption: TCP traffic is unencrypted. Use TLS termination proxy for production.

Published advisories will be listed here and on the GitHub Security tab.