The ciqol organization takes the security of our software seriously. Thank you for helping keep our projects and users safe.

Please do not report security vulnerabilities through public GitHub issues.

Instead, report them privately using GitHub's private vulnerability reporting: go to the affected repository's Security tab and click Report a vulnerability.

Please include as much of the following as possible:

• A description of the vulnerability and its potential impact
• Steps to reproduce or a proof of concept
• Affected versions, components, or repositories
• Any suggested mitigation

• We will acknowledge your report within 3 business days.
• We will investigate and keep you informed of our progress.
• Once resolved, we will coordinate disclosure and credit you if you wish.

This policy applies to repositories owned by the ciqol organization unless a specific repository defines its own SECURITY.md.