If you discover a security vulnerability in any cogos-dev project, please report it responsibly via GitHub's private vulnerability reporting feature on the affected repository.

Please include:

• Description of the vulnerability
• Steps to reproduce
• Affected component (cogos, mod3, constellation, etc.)

We will acknowledge receipt within 48 hours and provide an initial assessment within 7 days.

Only the latest release of each project is supported with security updates.