If you discover a security vulnerability in this repository, please do not file a public issue. Instead, email security@pilotprotocol.network with:
- A description of the issue and its impact
- Steps to reproduce (proof-of-concept code or
curlinvocation preferred) - Affected versions / commit SHAs
- Your contact info for follow-up
We aim to acknowledge reports within 2 business days, provide a preliminary assessment within 5 business days, and ship a fix or public disclosure within 30 days for high-severity issues. Coordinated disclosure timelines are negotiable for low-severity findings.
Only the latest released main is actively supported. Older releases get
security fixes only for critical vulnerabilities, and only when a clean
backport is feasible.
There is no formal bug bounty program at this time. Researchers who report high-quality findings will be credited (with permission) in release notes.