Please do not open public issues for vulnerabilities. Report security issues privately by emailing EoF Software Lab or using GitHub private vulnerability reporting if it is enabled for the repository.
Include:
- affected version or commit
- reproduction steps
- expected and actual impact
- any logs or proof of concept that can be shared safely
We will acknowledge reports as soon as possible and coordinate a fix before public disclosure.
Do not commit:
- API keys, auth tokens, or provider credentials
.envfiles- signing certificates,
.p12/.pfxfiles, provisioning profiles, or developer profiles - Xcode
xcuserdata, breakpoints, orUserInterfaceState.xcuserstate - generated build outputs, archives, notarization artifacts, or local code signatures