The Material / Image Research Lab (MIRL) maintains tools that handle cultural materials and, in the case of rescue-archiving, at-risk media and the safety of the people who provide it. We take security and privacy seriously, and we welcome responsible disclosure.

Please do not open a public issue for a security problem. Instead, use one of these private channels:

• GitHub private vulnerability reporting. On the affected repository, go to the Security tab and choose Report a vulnerability.
• Email. Write to mirl@arthistory.ucsb.edu with "Security" in the subject line.
• Sensitive matters. For anything concerning rescue-archiving or the protection of sources, you may contact Dr. Jeff O'Brien directly at jeffobrien@ucsb.edu.

• The affected repository, and the version or commit if you know it.
• A clear description of the issue and its potential impact.
• Steps to reproduce, and any proof of concept you can share safely.

Please give us a reasonable window to respond before any public disclosure.

• We aim to acknowledge your report within five business days.
• We will keep you informed as we investigate and work toward a fix.
• We will credit you when a fix ships, unless you prefer to remain anonymous.

These repositories are research and teaching tools, several of them offered as templates to fork and adapt. If you find an issue in a fork or in a downstream deployment, please report it to whoever maintains that copy. We are glad to help coordinate.