We take the security of our project seriously and appreciate your efforts to help us maintain a secure environment for all users.
Important: If you discover a security vulnerability, please do not create a public GitHub issue. Public disclosure can expose users to risk before a fix is available.
Instead, please report security vulnerabilities directly to our security team via email at info@getarcane.app.
Important: Reports must be written by a human, not generated by AI. This requirement may seem unusual, but it serves as a validation step to ensure submitted security issues are genuine and well-understood, rather than low-effort CVE farming.
If a report appears to be AI-generated, it may be closed unless our team can independently understand and validate the issue.
To help us address vulnerabilities effectively, please provide:
- A clear description of the vulnerability and its potential impact
- Detailed steps to reproduce the issue
- Information about the affected versions or environments
- Any suggested fixes, workarounds, or mitigations (if available)
We will:
- Acknowledge receipt of your report as soon as possible
- Investigate and validate the vulnerability promptly
- Work to develop and release a fix as quickly as possible
- Keep you informed of our progress throughout the process
We value responsible disclosure and are grateful for your contribution to the security of our project.
Important: If you are using AI to submit a vulnerability, please follow the rules documented in AI_POLICY.md. CVE farming and other low-effort submissions are disrespectful and put the burden of validation on the volunteer maintainers of this project.
Note: For general bug reports, feature requests, or other non-security issues, please use our GitHub issue tracker.