We take the security of our software seriously. If you believe you have found a security vulnerability, we encourage you to report it to us responsibly.

Please do not report security vulnerabilities through public GitHub issues.

To report a vulnerability, please email the details to security@xlansoftware.com

Please include the following information in your report to help us understand and triage the issue:

• The project version affected.
• A detailed description of the vulnerability and the impact.
• Steps to reproduce the issue (proof-of-concept code, screenshots, or videos are highly appreciated).
• Your contact information (optional, but allows us to ask follow-up questions).

After you have submitted a vulnerability report, you can expect the following timeline:

1. Acknowledgement: We will acknowledge receipt of your report within 7 business days.
2. Assessment: Our team will work to verify the issue and assess its impact. We may contact you for additional details.
3. Decision: We will keep you informed of our decision to accept or decline the vulnerability for remediation.
4. Resolution: If accepted, we will work on a fix. The time to resolution depends on the complexity of the issue.
5. Disclosure: Once a patch is released, we will publicly disclose the vulnerability in a security advisory. We will credit the reporter unless you wish to remain anonymous.

We strive to handle all reports fairly and promptly. We appreciate your effort in making our project more secure.