The following versions of ChainForge are currently receiving security updates:

ChainForge handles sensitive humanitarian aid data and recipient PII. We take security seriously.

Please do NOT report security vulnerabilities through public GitHub Issues.

1. Email: Send a detailed report to the maintainers via the contact information in the README.
2. GitHub Private Disclosure: Use GitHub's private vulnerability reporting feature.

• A description of the vulnerability and its potential impact
• Steps to reproduce the issue
• Any proof-of-concept code (if applicable)
• Suggested fix (if you have one)

• Acknowledgement: Within 48 hours
• Initial assessment: Within 5 business days
• Patch or mitigation: Within 30 days for critical issues

Areas of particular concern given ChainForge's use case:

• Smart contract vulnerabilities on Stellar/Soroban
• PII data exposure or leakage
• Authentication and authorization bypasses
• SQL/NoSQL injection
• Insecure data transmission

Thank you for helping keep ChainForge and its users safe.