Please do not open public GitHub issues for security vulnerabilities.
For suspected vulnerabilities in BCP, email:
gabrielsantos5499@gmail.com
Use the subject line:
[BCP security] <short summary>
Include:
- affected version or commit
- reproduction steps
- impact assessment
- any proposed mitigation
BCP is local-first and intentionally small, but issues that affect file boundary handling, parser safety, path traversal, or unintended code execution should be treated as security-sensitive.