If you discover a security vulnerability in the CargoWall GitHub Action, please report it through GitHub Security Advisories.
Please include:
- A description of the vulnerability
- Steps to reproduce
- Any relevant logs or screenshots
We will acknowledge your report within 48 hours and aim to provide a fix or mitigation plan within 7 business days.
This policy covers the CargoWall GitHub Action — the installation, configuration, and orchestration layer that runs CargoWall in GitHub Actions workflows.
For vulnerabilities in CargoWall itself (the eBPF programs, userspace daemon, DNS proxy, or configuration handling), please report them to the main CargoWall repository.
Security fixes are applied to the latest release only.