Security: tasuku43/gion

SECURITY.md

Security Policy

Thank you for helping keep gion and its users safe.

Reporting a vulnerability

Please do not report security vulnerabilities via public GitHub issues.

Preferred (private):

  • Use GitHub Security Advisories: create a private report from the repository “Security” tab.

If you cannot use GitHub Security Advisories:

  • Open a GitHub issue without sensitive details and ask maintainers for a private channel to continue.

What to include

  • Affected component / command
  • Impact (what an attacker can do)
  • Reproduction steps (proof-of-concept if available)
  • Affected versions / commit SHA (if known)
  • Any mitigations or workarounds

Maintainer response process

  • This project is maintained by an individual maintainer on a best-effort basis.
  • I aim to acknowledge reports within 7 days (best effort).
  • I will investigate, prepare a fix, and coordinate disclosure timing with the reporter when possible.
  • If a release is needed, I will publish a fix via GitHub Releases (see docs/ops/RELEASING.md).

Supported versions

We typically support the latest released version. If you are using an older version, we may ask you to reproduce the issue on the latest release.

There aren’t any published security advisories