If you discover a security vulnerability in a Kiloloop project, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, use GitHub's private vulnerability reporting on the affected repository when it is enabled. If private reporting is unavailable, use the repository's documented private security contact or another non-public maintainer channel.
After you submit a report, you can expect the following response timeline:
- Acknowledgment: Within 48 hours of receiving your report.
- Assessment: We will evaluate the severity and impact within 7 days.
- Fix: Critical vulnerabilities will be patched within 30 days. We will coordinate disclosure timing with you.
We appreciate responsible disclosure and will credit reporters in release notes (unless you prefer to remain anonymous).