Security fixes are applied to the latest code on main.
Please do not open a public issue for undisclosed vulnerabilities.
Use one of the following:
- Preferred: GitHub private vulnerability report
https://github.com/braedonsaunders/oneshot/security/advisories/new - Fallback: contact the repository maintainers directly on GitHub if the advisory form is unavailable.
- Affected version/commit
- Reproduction steps or proof of concept
- Impact assessment
- Any proposed mitigation
- Initial acknowledgment target: within 72 hours
- Triage and remediation timeline depends on severity and exploitability
- Credit is provided unless you request anonymity