At Zephyrus Foundation, we take the security of our systems seriously. If you discover a security vulnerability in any of our projects, please help us responsibly disclose the issue.
Please report security vulnerabilities directly to us via the following email:
Your report should include:
- A detailed description of the vulnerability.
- Steps to reproduce the issue.
- Any potential impacts or consequences.
- If possible, a proof of concept (PoC) to demonstrate the vulnerability.
Please DO NOT create public issues on GitHub for security vulnerabilities, as this could expose the vulnerability to others before it is fixed.
- We aim to acknowledge receipt of the report within 48 hours.
- A fix will be prioritized and released as soon as possible, depending on the severity of the vulnerability.
- We will keep you updated on the status of the issue and notify you when it is resolved.
This security policy covers the following repositories:
- All repositories within the Zephyrus Foundation GitHub organization.
- If you are unsure whether an issue is security-related, err on the side of caution and report it via the security email.
- We ask that you give us reasonable time to fix any vulnerabilities before publicly disclosing the issue.
- We encourage you to check for and report any third-party libraries or dependencies that may also be vulnerable.
We recommend that users regularly update their versions of our software to the latest stable releases, as these often include important security updates.
We appreciate the effort of all contributors and security researchers who take the time to help keep our projects safe.