We take the security of Shepherd seriously. Thank you for helping keep the project and its users safe.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, report them privately through GitHub's private vulnerability reporting:
- Go to the Security tab of this repository.
- Click "Report a vulnerability" to open a private security advisory.
Please include as much of the following as you can:
- A description of the vulnerability and its potential impact
- Steps to reproduce, or a proof-of-concept
- Affected versions, components, or configurations
- Any suggested mitigation, if you have one
- We will acknowledge your report as soon as we can and keep you informed as we investigate.
- Once a fix is released, we are happy to credit you in the advisory unless you prefer to remain anonymous.
- Please give us a reasonable opportunity to address the issue before any public disclosure.
Shepherd is in active pre-1.0 development. Security fixes are applied to the
latest release tracking the main branch.