Do NOT report security vulnerabilities through public GitHub issues.
Report vulnerabilities via:
- GitHub Security Advisories: Report privately at cyberfabric/cyberfabric-core/security/advisories/new
- Direct Contact: Email security team (security@acronis.com) and maintainers directly
- Vulnerability type
- Affected source file paths
- Source location (tag/branch/commit or URL)
- Reproduction steps
- Configuration requirements (if any)
- Proof-of-concept code (if available)
- Impact assessment
- Acknowledgment: 48 hours
- Fix target: 7-90 days from disclosure, depending on severity
- Credit: Provided in security advisory (unless anonymity requested)
- Review Security Practices
- Review Security Guidelines for coding standards
- Security advisory published
- Patch release created
- Notification via GitHub releases
- Public disclosure after update window