If you think you have identified a security issue, please do not open a public issue.

Use GitHub Private Vulnerability Reporting if possible. Click Security then Report a vulnerability to report.

If private reporting is unavailable, contact the maintainers at isaac@dspy.ai.

Include enough detail for the maintainers to reproduce, validate, and assess the report, and redact any secrets before sharing a report.

We aim to acknowledge reports as fast as possible and coordinate a fix. The resolution times are best-effort, and will vary based on the reported severity and complexity.

Please avoid publicly disclosing a vulnerability until the maintainers have had a reasonable opportunity to investigate and remediate it.