We take security vulnerabilities seriously. If you discover a security vulnerability within zigantic, please follow these steps:

Please do not open a public GitHub issue for security vulnerabilities. This helps protect users while we work on a fix.

Send a detailed report to:

• Email: Create a private security advisory
• GitHub Security Advisories: Use the "Report a vulnerability" button on the Security tab

Please include the following information in your report:

• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact
• Suggested fix (if any)
• Your name/handle for credit (optional)

• Acknowledgment: We will acknowledge receipt within 48 hours
• Assessment: We will assess the vulnerability and determine its severity
• Updates: We will keep you informed of our progress
• Fix: We will work on a fix and coordinate a release
• Credit: With your permission, we will credit you in the release notes

This security policy applies to:

• The zigantic library (src/ directory)
• Official examples (examples/ directory)
• Build scripts (build.zig, build.zig.zon)

• Third-party dependencies
• User applications built with zigantic
• Documentation website infrastructure

When using zigantic, we recommend:

1. Keep Updated: Use the latest version of zigantic
2. Validate All Input: Never trust user input
3. Handle Errors: Always handle validation errors appropriately
4. Use Secret Types: Use z.Secret for sensitive data like passwords

zigantic includes automatic update checking to help you stay current with security patches. This feature:

• Runs in the background on first JSON function use
• Notifies you of available updates
• Can be disabled with z.disableUpdateCheck() if needed

Thank you for helping keep zigantic and its users safe!