We take the security of Allons-y Studio projects seriously. Thank you for helping keep our software and our users safe.
Unless a repository documents otherwise, we provide security fixes for the latest released major version of each project. Older versions are supported on a best-effort basis only.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, report them privately using one of the following:
- GitHub Security Advisories (preferred): use the "Report a vulnerability" button under the Security tab of the affected repository, or open one here.
- Email: security@allons-y.studio
Please include as much of the following as you can:
- The type of issue and the affected project/version.
- Steps to reproduce or a proof of concept.
- The potential impact, including how an attacker might exploit it.
- Any suggested mitigations, if you have them.
When you report an issue, you can expect from us:
- Acknowledgement within 3 business days.
- An assessment and, where confirmed, a plan and timeline for a fix.
- Regular updates as we work toward a resolution.
- Credit for your responsible disclosure, if you'd like it.
We ask that you give us a reasonable opportunity to address the issue before any public disclosure. We're committed to coordinating with you throughout the process.
Thank you for practicing responsible disclosure. 🔐