If you discover a security vulnerability, please report it privately.
Do not open a public issue.
Email: security@rafters.studio
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We aim to respond within 48 hours and provide a fix within 7 days for critical issues.
This policy applies to all rafters-studio repositories and services:
- rafters.studio
- api.rafters.studio
- All public repositories
We appreciate responsible disclosure. Contributors who report valid security issues will be credited in release notes (unless they prefer anonymity).