This policy applies to every The Fisher Slopworks Co
repository that does not ship its own SECURITY.md.
Our projects are developed as rolling releases. Security fixes are applied to the
latest commit on the main branch of the affected repository. Please make sure
you are running an up-to-date build before reporting an issue.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, use one of these private channels:
- GitHub private vulnerability reporting (preferred). Open the affected repository's Security tab and choose Report a vulnerability to file a private advisory.
- Email. Write to security@slopworks.org with the details.
Please include:
- the repository affected,
- a description of the vulnerability and its impact,
- the affected version or commit,
- step-by-step instructions to reproduce it, and
- any proof-of-concept or suggested fix, if you have one.
- We aim to acknowledge your report within 5 business days.
- We will keep you updated on progress toward a fix.
- Once a fix ships, we are happy to credit you for the disclosure unless you prefer to remain anonymous.
Thank you for helping keep our projects and their users safe.