The security policy. Fixes are prioritized on the latest release and the current `dev` branch. Vulnerabilities go privately to `chris@eigenweltlabs.com` (subject `[LegalWork security] <summary>`), never to public issues, with a description, repro/PoC, impact, and suggested remediation. The policy commits to a response SLA: acknowledgement within 3 business days, initial triage within 7, and coordinated private disclosure until a fix is available. Applies when reporting or triaging a security vulnerability.
Security Policy
Supported versions
LegalWork is under active development and we prioritize fixes on the latest release and
the current dev branch.
Reporting a vulnerability
Please do not open public GitHub issues for security vulnerabilities.
Instead, report vulnerabilities privately to:
- Email: chris@eigenweltlabs.com
- Subject: [LegalWork security] <short summary>
Please include:
- A clear description of the issue
- Reproduction steps or proof of concept
- Impact assessment
- Suggested remediation (if known)
Response expectations
- We will acknowledge receipt within 3 business days.
- We will provide an initial triage status within 7 business days.
- We will share remediation or mitigation guidance as soon as available.
Disclosure guidance
Please keep details private until a fix or mitigation is available and maintainers confirm public disclosure timing.