SECURITY.md

This is a copy of the security policy in the core Ash repo. That is the authoritative source.

This repository follows theOpenSSF Vulnerability Disclosure guide. You can learn more about it in theFinders Guide.

Please report vulnerabilities via theGitHub Security Vulnerability Reportingor via email tosecurity@ash-hq.org if this does not work for you.

Someone from the core team respond within 3 working days of yourreport. If the issue is confirmed as a vulnerability, we will open a SecurityAdvisory. This project follows a 90 day disclosure timeline.

If you have questions about reporting security issues, email the vulnerabilitymanagement team:security@erlef.org

There aren’t any published security advisories