iHBV values responsible disclosure and disciplined security research. If you believe you have identified a vulnerability in an iHBV project, report it privately so it can be reviewed and addressed responsibly.
Security support is provided for actively maintained repositories under the iHBV organization. Support status may vary by project based on maintenance activity, release cadence, and operational relevance.
If a repository is actively maintained, security issues affecting the latest supported version are generally in scope.
If you believe you have discovered a security vulnerability in an iHBV project, please report it responsibly by emailing:
Please include the following where possible:
- A clear description of the issue
- Affected project and version
- Steps to reproduce
- Proof-of-concept code or screenshots, if appropriate
- Potential impact
- Any suggested remediation or mitigation
Please do not open public issues for suspected security vulnerabilities.
When a report is received, we will make a reasonable effort to:
- Acknowledge receipt of the report
- Review and validate the issue
- Assess impact and affected scope
- Develop and apply a fix or mitigation where appropriate
- Coordinate disclosure responsibly
Response times may vary depending on the complexity, severity, and current maintenance status of the affected project.
We ask that vulnerabilities not be publicly disclosed until we have had a reasonable opportunity to investigate and address the issue.
Responsible disclosure helps protect users, downstream projects, and operational environments that may rely on affected tooling.
This policy applies to public repositories maintained under the iHBV organization unless a repository states otherwise.
We support good-faith security research conducted in a way that avoids:
- Privacy violations
- Data destruction
- Service disruption
- Unauthorized persistence
- Impact to users, infrastructure, or third-party systems
Please act responsibly and avoid any activity that could harm systems, data, or users.