Skip to content

Security: hcengineering/platform

SECURITY.md

Security Policy

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability in the Huly Platform, please report it privately — do not open a public issue.

Use GitHub's private vulnerability reporting:

  1. Go to the Security tab of this repository.
  2. Click "Report a vulnerability".
  3. Fill in the advisory with as much detail as possible (affected component, reproduction steps, impact, suggested fix if any).

We'll acknowledge your report, investigate, and coordinate a fix and disclosure timeline with you before any public disclosure.

Supported Versions

Security fixes are applied to the latest release on the main/develop branch. Older versions are not guaranteed to receive patches.

Scope

This policy covers the code in this repository. Vulnerabilities in third-party dependencies should be reported upstream, though we're happy to hear about them too if they affect the Platform directly.

There aren't any published security advisories