If you discover a security vulnerability in any klein.business repository, please report it responsibly.
Do not open a public issue. Instead, send an email to:

Include the following information:
- Repository and branch affected
- Description of the vulnerability
- Steps to reproduce
- Potential impact assessment
- Suggested fix (if available)

| Stage | Target |
|---|---|
| Acknowledgment | Within 48 hours |
| Initial assessment | Within 5 business days |
| Fix or mitigation | Depends on severity |
| Public disclosure | After fix is deployed |

This policy applies to all repositories under the klein-business GitHub organization.
Out of scope:
- Vulnerabilities in third-party dependencies (report these to the upstream maintainer)
- Social engineering attacks
- Denial of service attacks

Only the latest release on the default branch (main) of each repository is supported with security updates. Older versions do not receive patches.

We appreciate responsible disclosure. Contributors who report valid vulnerabilities will be credited in the release notes (unless they prefer to remain anonymous).