krnr is actively maintained and security updates are provided for supported releases. We recommend using the latest release to ensure you have the most recent fixes.

If you discover a security vulnerability in krnr, we encourage responsible disclosure to protect our users. We take security seriously and appreciate your help.

• Preferred Method: Email the maintainers at izeno.contact@gmail.com with a clear description of the vulnerability and steps to reproduce it (if known). Please include the potential impact and any suggested mitigations.
• Alternative: Use the Security Report issue template on the Issues page. We recommend private reporting via email to avoid public disclosure before a fix is available.
• Sensitive Matters: For highly sensitive issues, open a private issue labeled "Security Violation" on the repository so only maintainers see it.

• Acknowledgment: We will acknowledge your report within 48 hours.
• Investigation: We will investigate within 7 days and prioritize critical issues.
• Resolution: If confirmed, we will prepare and release a fix as soon as feasible and coordinate disclosure.
• Credit: With your permission, we may credit you in release notes or an advisory for responsible disclosure.

• Responsible Disclosure: Do not publicly disclose the vulnerability until a fix is available and disclosure is coordinated.
• No Exploitation: Do not exploit vulnerabilities in ways that harm users or the project.
• Follow Community Standards: Adhere to our Contributing Guidelines and Code of Conduct. Avoid including unverified links or promotional content in reports.

• Always use the latest release (see Releases).
• Keep your toolchain (Go, OS packages) up to date.
• Run krnr in a secure environment and avoid exposing sensitive credentials.

For security-related questions or follow-ups, email izeno.contact@gmail.com or open a private issue labeled "Security Violation."

Thank you for helping keep krnr and its users safe!