Security updates are applied to the main branch.
Please do not open public issues for suspected vulnerabilities.
Use one of the following:
- GitHub Security Advisories (preferred):
- Create a private advisory at: https://github.com/evalops/cerebro/security/advisories/new
- If advisories are unavailable, contact maintainers privately and include:
- impact summary
- reproduction steps
- affected files/paths
- suggested remediation (if available)
We will acknowledge reports as quickly as possible, triage severity, and coordinate disclosure once a fix is available.