We currently provide security updates for the latest major versions of ShadowBridge.

If you discover a security vulnerability within ShadowBridge, please report it via private communication rather than opening a public issue.

We take security seriously and ask that you report issues via GitHub's private vulnerability reporting feature on this repository, or directly contact the maintainer.

We will review your submission and aim to respond quickly with an acknowledgment and an estimated timeline for a resolution. Please allow us an appropriate amount of time to release a patch before disclosing the vulnerability publicly.

Note: While we do not have a formal bug bounty program at this time, valid and actionable findings may be considered for a discretionary payout on a case-by-case basis.