If you discover a security vulnerability in OpenDecree, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please report it via GitHub Security Advisories with:
- A description of the vulnerability
- Steps to reproduce
- The potential impact
- Any suggested fix (optional)
You should receive a response within 48 hours. We will work with you to understand and address the issue before any public disclosure.
This policy covers the demo code and configurations in this repository. For issues in the core service, CLI, or SDKs, please report to the main repository.