Skip to content

Security: brokenhandsio/kiln

SECURITY.md

Security Policy

We take the security of our software seriously. If you believe you have found a security vulnerability in any Broken Hands repository, please report it to us responsibly using one of the methods below.

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, use either of the following:

  • Email: security@brokenhands.io
  • GitHub private vulnerability reporting: Use the Report a vulnerability button on the repository's Security tab.

Please include as much detail as you can to help us understand and reproduce the issue, such as:

  • The affected repository and version
  • A description of the vulnerability and its potential impact
  • Steps to reproduce, including any proof-of-concept code
  • Any suggested mitigations, if known

What to Expect

  • We will acknowledge your report within one week.
  • We aim to provide a fix within 30 days of acknowledgement, unless otherwise agreed with you.
  • We will keep you informed of our progress and will let you know when the issue has been resolved.

We appreciate your efforts to disclose your findings responsibly and will make every effort to acknowledge your contribution.

There aren't any published security advisories