Security is a top priority for ChainSmith.

We generally support security fixes for the latest released minor version.

Please do not open a public GitHub issue for security vulnerabilities.

Use one of the following private reporting channels:

1. GitHub Security Advisories (preferred, if enabled)
   • Go to the repository Security tab → Advisories → New draft security advisory.
2. Email
   • Send details to: chainsmith@57blocks.com

When reporting, please include:

• A clear description of the issue and impact
• Steps to reproduce (proof-of-concept if available)
• Affected versions and environments
• Any relevant logs, stack traces, or screenshots (redact secrets)

• We aim to acknowledge receipt within 2 business days.
• We will work with you to validate the report and determine severity.
• If a fix is required, we will coordinate a responsible disclosure timeline.

Thank you for helping keep ChainSmith and its users safe.