This repository is primarily a book companion and reference implementation repo.
Please report security concerns that affect:
- the repository code
- the GitHub Actions workflows
- the published site at https://www.universalmicroservices.com/
- the published reference app at https://www.universalmicroservices.com/reference-application/
Do not open a public issue for a suspected security problem.
Instead, report it privately to the maintainer with:
- a short description of the issue
- affected path or component
- reproduction steps
- impact assessment if known
- suggested mitigation if you have one
If a private security contact is available in the repo settings or project site, use that first.
The goal is to:
- acknowledge credible reports promptly
- reproduce and assess impact
- fix or mitigate the issue
- disclose publicly only after the issue is understood and addressed
The following are generally out of scope unless they create a real exploit path:
- purely local demo limitations in illustrative code
- missing hardening in non-deployed sample paths
- issues that require already-compromised local developer machines
If you are unsure whether something is in scope, report it privately anyway.