Please do not open a public GitHub issue for security vulnerabilities.
Email fcarvajalbrown@protonmail.com with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
You'll receive a response within 7 days. If the issue is confirmed, a fix will be released as soon as reasonably possible.
For a full vendor-security-review reference — architecture, SBOMs, cryptography, and compliance posture — see docs/security/trust.md.