This file is the public vulnerability disclosure entrypoint for repository visitors and platform discovery.
It intentionally stays minimal.
Long-term maintainer notes, operational security details, and module-level security context are maintained in the repository's internal project memory, not duplicated here.
Do not open a public issue for security vulnerabilities.
Contact:
- security@tcrn-tms.com
- Or contact @tpmoonchefryan directly
Please include:
- vulnerability type
- reproduction steps
- impact assessment
- suggested fix, if available
Response timeline:
- Acknowledgment within 48 hours
- Initial assessment within 7 days
- Critical-fix target within 30 days when applicable
In scope:
- TCRN TMS web, api, and worker applications
- PII service
- authentication and authorization flows
- encryption, privacy, and tenant-isolation controls
- third-party integration surfaces maintained by this project
Out of scope:
- denial-of-service attacks
- social engineering
- physical security issues
- vulnerabilities that belong to third-party dependencies only