We take security seriously. If you discover a security vulnerability in httix, please report it responsibly.

1. Do not open a public GitHub issue for security vulnerabilities.

2. Email the security contact directly:

   • Email: avinashvelu03@gmail.com
   • Subject: [SECURITY] httix vulnerability report

3. Include the following information in your report:

   • A description of the vulnerability.
   • Steps to reproduce the issue.
   • The affected version(s).
   • Any potential impact or exploit scenario.
   • If possible, a suggested fix or mitigation.

• Acknowledgment: You will receive a response within 48 hours confirming receipt of your report.
• Assessment: We will investigate and assess the severity of the vulnerability within 5 business days.
• Resolution: We will provide a status update and, if applicable, a patched version within 14 days of the initial report.
• Credit: If you would like to be credited, please let us know in your report. We will acknowledge your contribution in the release notes unless you prefer to remain anonymous.
• Coordination: We ask that you do not publicly disclose the vulnerability until a fix has been released, unless you have explicit permission.

We follow a coordinated disclosure approach:

1. Vulnerability is reported privately.
2. We confirm receipt and begin investigation.
3. A patch is developed and tested.
4. A new release is published with the fix.
5. The vulnerability is publicly disclosed (typically in the release notes and/or a security advisory).
6. Credit is given to the reporter (with their consent).

We appreciate your help in keeping httix and its users safe.