If you discover a vulnerability in igloo-server, please report it privately so we can fix it quickly.
- Email: bitcoinplebdev@protonmail.com (preferred for coordinated disclosure)
- GitHub: open a private security advisory
- Include reproduction steps, affected versions/commits, and impact.
- Avoid filing public GitHub issues for vulnerabilities.
- Allow us reasonable time to investigate and release a fix before public disclosure.
Operational security, configuration, and hardening details live in docs/SECURITY.md.