Do not report security issues through public issues or public discussions.
Use GitHub Security Advisories for private disclosure when that channel is available for this repository.
If private advisory reporting is unavailable, contact the maintainer as @YrustPd first and request a private reporting path before sending exploit details.
Include enough information to assess the issue quickly:
- affected RayLimit version, branch, or commit
- Linux distribution and kernel when relevant
- reproduction steps or a proof of concept
- expected impact
- any mitigation you already confirmed
RayLimit is currently in its public beta line.
Security fixes are expected to target:
- the current public beta release line
- the current
mainbranch when the issue has not yet been released
Older beta builds may not receive backported fixes.