If you believe you've found a security vulnerability in HarborFM, please report it privately so we can address it before it is disclosed publicly.
Do not open a public GitHub issue for security vulnerabilities.
Email security@harborfm.com with:
- A description of the issue and how it might be exploited
- Steps to reproduce (if possible)
- Any suggested fix or mitigation (optional)
We will acknowledge your report and will do our best to respond within a reasonable time. We may follow up for more details.
We are interested in vulnerabilities in HarborFM itself (server, web app, or deployment/config we ship). Issues in third-party dependencies should be reported to the respective project; we still appreciate a heads-up at security@harborfm.com so we can track and upgrade as needed.
Thank you for helping keep HarborFM and its users safe.