If you discover a vulnerability or potential data-leak issue in ContactKit:
- Do not open a public issue.
- Email [email protected] (or your preferred contact).
- Include:
- Affected files or commit SHA
- Reproduction steps
- Expected vs. actual behavior
We will confirm receipt within 2 business days and coordinate a fix.
Only the latest release tag (e.g., v0.x) receives security patches.