If you believe you have found a security vulnerability in an official PeakURL repository, please do not open a public GitHub issue.
Instead, report it privately to:
security@peakurl.org
When possible, include:
- a clear description of the issue
- the affected repository, version, or deployment context
- steps to reproduce
- proof-of-concept details, if available
- any suggested mitigation or fix
PeakURL maintainers will review the report and respond as soon as practical.
The usual process is:
- acknowledge the report
- validate and assess the issue
- prepare a fix or mitigation
- publish the fix through the normal release process
If the issue is confirmed, we will aim to handle disclosure responsibly and avoid exposing users to unnecessary risk before a fix is available.
This policy applies to official PeakURL repositories unless a repository includes a more specific security policy of its own.