ApiHunter security fixes are currently provided for:

Please do not open public GitHub issues for suspected vulnerabilities.

Use one of these private channels:

• GitHub Security Advisories: use the repository "Report a vulnerability" flow.
• Email: teycir@pxdmail.net with subject prefix [ApiHunter Security].

Please provide:

• Affected version/commit and deployment context.
• Reproduction steps or proof-of-concept.
• Expected vs actual behavior.
• Impact assessment (confidentiality/integrity/availability).
• Any logs or traces that help validate the issue.

Current best-effort targets:

• Initial acknowledgment: within 5 business days.
• Triage decision (valid/not valid + severity): within 10 business days.
• Remediation plan or workaround for valid issues: as soon as practical based on severity.

• Please allow time for triage and remediation before public disclosure.
• After a fix is released, coordinated disclosure is welcome and appreciated.

Only test systems you own or are explicitly authorized to test. Unauthorized testing is prohibited.