Please report security vulnerabilities privately — do not open a public issue, pull request, or discussion for a suspected vulnerability.
Report through a private GitHub security advisory on this repository (the Security → Report a vulnerability tab), which keeps the report confidential until a fix is ready to disclose.
When you report, please:
- Describe the issue and how to reproduce it.
- Avoid including secrets or live data. If a reproduction needs sensitive material, describe its shape rather than pasting the values.
ferry is pre-1.0, so only the latest minor release receives security fixes.
While the version is 0.y.z the CLI surface may still change between minor
versions; upgrade to the newest release to stay covered.