We take the security of our project seriously and appreciate your efforts to help us maintain a secure environment for all users.
Important
If you discover a security vulnerability, please do not create a public GitHub issue. Public disclosure can expose users to risk before a fix is available.
Instead, please report security vulnerabilities directly to our security team via email at info@getarcane.app.
To help us address vulnerabilities effectively, please provide:
- A clear description of the vulnerability and its potential impact
- Detailed steps to reproduce the issue
- Information about the affected versions or environments
- Any suggested fixes, workarounds, or mitigations (if available)
We will:
- Acknowledge receipt of your report within 48 hours
- Investigate and validate the vulnerability promptly
- Work to develop and release a fix as quickly as possible
- Keep you informed of our progress throughout the process
We value responsible disclosure and are grateful for your contribution to the security of our project.
Important
If you are using AI to submit a vulnerability, please follow the rules documented in AI_POLICY.md. CVE farming and other low-effort submissions are disrespectful and put the burden of validation on the volunteer maintainers of this project.
Note: For general bug reports, feature requests, or other non-security issues, please use our GitHub issue tracker.