Security

Report vulnerabilities privately via GitHub security advisories.

Accepted advisories

CI audit (rebar3 audit) skips the IDs below. Each has no upstream fix and does not apply to this site.

Advisory	Dependency	Why accepted
GHSA-g2wm-735q-3f56 (CVE-2026-43969)	cowlib `cow_cookie:cookie/1`	LOW; vulnerable `<= 2.16.1`, no fixed release yet. The site is a static marketing/docs app with no sessions or cookies, so the cookie encoder is never used. Drop this entry once cowlib ships a fix above 2.16.1.

Name		Name	Last commit message	Last commit date
Latest commit History 61 Commits
.github/workflows		.github/workflows
config		config
include		include
priv/static/assets		priv/static/assets
scripts		scripts
src		src
test		test
.dockerignore		.dockerignore
.gitignore		.gitignore
.tool-versions		.tool-versions
AGENTS.md		AGENTS.md
DEPLOY.md		DEPLOY.md
Dockerfile		Dockerfile
SECURITY.md		SECURITY.md
rebar.config		rebar.config
rebar.lock		rebar.lock