If you discover a security vulnerability in crocking, please report it through one of the channels below.
For sensitive issues (anything that could expose users if disclosed publicly), use GitHub's private vulnerability reporting to disclose confidentially.
For non-sensitive issues, open a GitHub issue with the security label.
I aim to acknowledge reports within a few days and to keep you updated through remediation. Please allow a reasonable window to address the issue before public disclosure.