Security Policy

CastCodes does not currently operate a dedicated security mailbox or private advisory program.

If you find a vulnerability, prefer GitHub private vulnerability reporting if it is enabled for this repository. If private reporting is not available, open a minimal public issue that avoids exploit details and ask maintainers to coordinate a private channel.

Do not report CastCodes issues to upstream security contacts unless the vulnerability is independently present in upstream.