We appreciate all efforts to discover and responsibly disclose security vulnerabilities. If you think you found a security issue in a Fermyon project, please send an email to security@fermyon.com.
If possible, please include the following information:
- the type of the issue or vulnerability
- steps to reproduce, proof of concept, or a minimal verifiable example demonstrating the issue or vulnerability
- versions (or commit SHAs) for the tools used, and any special configuration
- impact of the issue
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
After an initial reply to your report, our team will update you with the progress towards remediating the issue, and with any potential next steps.
Thank you for helping us keep our projects secure!