Refrain is pre-1.0. Only the latest released version receives security fixes.
Please report security vulnerabilities privately. Do not open a public GitHub issue.
Preferred: use GitHub's private vulnerability reporting on this repo — go to the Security tab and click "Report a vulnerability."
Fallback: email devenjarvis@gmail.com with subject line [refrain security].
Please include:
- A description of the vulnerability and its impact
- Steps to reproduce (or a proof-of-concept)
- The version of Refrain you tested against (
refrain --version) - Your environment (OS, Go version if building from source)
You should receive an acknowledgment within a few days. Once the issue is confirmed, a fix will be coordinated before any public disclosure.