Security Policy

Buffalo Wings takes security issues seriously and appreciates responsible disclosure.

Reporting a Vulnerability

Do not open a public issue or pull request for a suspected vulnerability.

Report privately to a maintainer using one of the following contacts.

  1. Contact the project administrator.

  2. Contact the BuffaloHerd team.

  3. If you do not receive a response, open a public issue with no sensitive details asking for a private reporting channel.

Include the vulnerability description, potential impact, and affected versions or commits. Include safe reproduction steps and any suggested mitigation if available.

Disclosure Process

Maintainers will acknowledge receipt within 7 calendar days. Maintainers will triage scope and severity and then coordinate remediation. If the report is valid, maintainers will prepare a fix and release guidance. Public disclosure should wait until a fix is available or a coordinated date is agreed. Reporters may request release-note credit, and anonymous disclosure is supported.

Supported Versions

Security fixes are applied to the default development branch first. Backports may be provided for supported release tags when practical. If no support window is stated for a release, only the latest release should be assumed supported.