Security of Treegress Browser Core is handled by Treegress maintainers.
Do not report security vulnerabilities in public issues.
Preferred channel:
- Open a private vulnerability report via GitHub Security Advisories in this repository (
Security->Report a vulnerability).
If private reporting is unavailable in your environment, contact repository maintainers directly and avoid posting exploit details publicly.
Please include as much of the following as possible:
- vulnerability type
- affected files/paths
- affected branch/tag/commit
- reproduction steps
- proof of concept (if available)
- impact and attack scenario
- suggested mitigation (if known)
We follow coordinated vulnerability disclosure:
- report privately first
- allow maintainers to investigate and patch
- publish details only after a fix is available or a coordinated disclosure date is agreed