If you discover a security issue in Hemingway, please do not open a public issue.
Instead:
- Use GitHub's private vulnerability reporting (Security Advisory) for this repository when available.
- Include clear reproduction steps, impact, and affected versions.
- Vulnerability type and impact
- Reproduction steps or proof of concept
- Affected files or routes
- Suggested mitigation if known
Maintainers will acknowledge valid reports and work on a fix as quickly as possible. When possible, we will publish a coordinated fix and release notes.