This is a copy of the security policy in the core Ash repo. That is the authoritative source.
This repository follows the OpenSSF Vulnerability Disclosure guide. You can learn more about it in the Finders Guide.
Please report vulnerabilities via the GitHub Security Vulnerability Reporting
or via email to security@ash-hq.org
if this does not work for you.
Someone from the core team respond within 3 working days of your report. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.
If you have questions about reporting security issues, email the vulnerability
management team: security@erlef.org