If you discover a security vulnerability in any Plume Network repository, please report it responsibly.
Please do NOT create a public GitHub issue for security vulnerabilities.
Instead, please email security@plume.org with:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes (optional)
We will acknowledge receipt within 48 hours and aim to provide a detailed response within 7 days.
We release patches for security vulnerabilities in the latest major versions of our actively maintained projects.
Security updates will be released as soon as possible after a vulnerability is confirmed. Updates will be published through:
- GitHub Security Advisories
- Release notes
- Direct communication for critical issues
When contributing to Plume Network repositories:
- Never commit secrets, API keys, or credentials
- Use environment variables for sensitive configuration
- Follow secure coding practices
- Report any security concerns promptly