Security Policy
We take security issues seriously and appreciate responsible disclosure.
Reporting a Vulnerability
Please do not open a public issue or pull request for security vulnerabilities.
Instead, report the issue privately to the maintainers:
Contact the project administrator,
Contact the Buffalo Herd team, or
If you get no response from the contact methods above, open an issue with no sensitive details asking how to report a security concern.
When reporting, include:
A description of the vulnerability and potential impact
Steps to reproduce (if safe)
Affected versions/commits
Any suggested mitigation or fix
Disclosure Process
After we receive a report, maintainers will:
Acknowledge receipt
Assess severity and scope
Work on a fix and coordinate a release (when applicable)
Provide credit in release notes if requested (optional)
Supported Versions
Security fixes are applied to the default development branch and may be backported to stable release branches when they exist.