Security Policy

Reporting a vulnerability

Please do not open a public GitHub issue for security reports.

Instead, use one of these private channels:

• GitHub Security Advisories (preferred): open a private advisory in the repository.
• Email: send a report to contact@abstractcore.ai with subject "Security report: AbstractCore".

Include as much of the following as possible:

• A clear description of the issue and why it matters.
• Steps to reproduce (proof-of-concept code is welcome).
• The affected version(s) (see abstractcore.__version__).
• Any suggested fix or mitigation, if you have one.

What to expect

• We will acknowledge receipt of your report within 72 hours.
• We will assess impact, determine a fix, and coordinate a disclosure timeline.

Supported versions

Security fixes are typically released for the latest published version.