Please do not report security issues by posting secrets, PHI, customer data, credentials, logs, screenshots, OAuth tokens, or confidential information in public issues or discussions.

If you need to report a security concern before a dedicated Buffaly security email exists, open a minimal GitHub issue stating that you have a security concern and avoid sensitive details. A private contact route can then be arranged.

When a Buffaly-controlled security address is created, this file should be updated to point to it directly.