We take the security of qorechain-rdk and the QoreChain network seriously.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, report them privately by email to:
Please include as much of the following as you can:
- A description of the vulnerability and its potential impact.
- Steps to reproduce, or a proof of concept.
- Any affected versions or packages.
- Suggested remediation, if you have one.

We will acknowledge receipt of your report as soon as we can, investigate and keep you informed of our progress, and work with you on coordinated disclosure once a fix is available.
We appreciate responsible disclosure and your help in keeping the ecosystem safe.
The RDK is a client/operator toolkit. Sequencer and operator signing keys are
always loaded from your own environment — never hardcode or commit them. Example
configurations use placeholders only; see .env.example.
This project is in active development. Security fixes are applied to the latest released versions of each package. Older pre-release versions may not receive backported fixes.