Do not open public issues for suspected vulnerabilities.
Use GitHub private vulnerability reporting for this repository:
https://github.com/boltbrain/boltbrain/security/advisories/new
If private reporting is unavailable, contact the maintainers directly and keep details non-public until a fix is ready.
- A clear description of the issue and affected component.
- Reproduction steps or a minimal proof of concept.
- Impact assessment.
- Any mitigations or patches you tested.
Do not include real secrets such as API tokens, macaroons, preimages, or private keys in the report.
- Reports will be acknowledged when maintainers are available.
- Fixes and mitigations should be coordinated before public disclosure.