Security Policy
If you discover a security vulnerability in these templates or examples, please follow this process to report it responsibly.
Preferred (no professional email required)
- Use GitHub Security Advisories (recommended): open this repository's Security → Advisories → Create private security advisory. Provide a clear summary, steps to reproduce, and suggested mitigations there. This keeps the report private until a fix is ready.
Alternate options
- If you cannot use GitHub Security Advisories, you may send a message to the maintainers by email; if you don't have a dedicated professional email, using a personal address (Gmail, ProtonMail, etc.) is acceptable. In that case include a PGP key if you prefer encrypted communication.
- As a last resort, open a public issue but do NOT include exploit details. Title it SECURITY: <short description> and request a private channel for further disclosure.
Response & disclosure
- Give maintainers a reasonable time to respond and coordinate a fix before public disclosure.
- If you need to provide sensitive proof-of-concept details, ask for a private contact channel in your initial message.
Notes
- These templates are educational and do not provide full runtime security. Always audit configs and test in a safe environment before applying to production.