We take security seriously. If you discover a security vulnerability in the Huly Platform, please report it privately — do not open a public issue.
Use GitHub's private vulnerability reporting:
- Go to the Security tab of this repository.
- Click "Report a vulnerability".
- Fill in the advisory with as much detail as possible (affected component, reproduction steps, impact, suggested fix if any).
We'll acknowledge your report, investigate, and coordinate a fix and disclosure timeline with you before any public disclosure.
Security fixes are applied to the latest release on the main/develop
branch. Older versions are not guaranteed to receive patches.
This policy covers the code in this repository. Vulnerabilities in third-party dependencies should be reported upstream, though we're happy to hear about them too if they affect the Platform directly.