Astrolabe is currently maintained on the latest main branch.
Please do not create a public GitHub issue for security vulnerabilities.
Instead:
- Use GitHub’s private vulnerability reporting flow from the repository Security tab when it is available.
- If that is unavailable, contact the maintainer privately through GitHub profile contact options.
- Include:
- vulnerability description
- reproduction steps
- impact assessment
- suggested fix (if known)
- Initial acknowledgment: within 72 hours
- Triage decision: within 7 days
- Patch timeline: depends on severity and complexity
After a fix is available, coordinated public disclosure is encouraged.