RhoeLiquid accepts responsible disclosure for vulnerabilities affecting template parsing, rendering, DOCX processing, HTTP service behavior, CLI execution, and WebAssembly integration.
The first supported public release line is 0.1.x, starting once the initial public release is tagged.
Before GitHub private vulnerability reporting is enabled on the public repo, contact the RhoePlatform maintainers privately through the organization security channel. Do not open public issues for suspected vulnerabilities.
Please include:
- A clear description of the vulnerability.
- Minimal reproduction steps or a proof of concept.
- Affected package targets, platforms, and versions.
- Any known impact on confidentiality, integrity, availability, or sandbox boundaries.
Maintainers will acknowledge valid reports, triage severity, prepare a fix on a private branch if needed, and publish coordinated release notes once remediation is available.
Security fixes and advisories for this repository are governed by the Apache 2.0 license in LICENSE.