The project team welcomes security reports and is committed to providing prompt attention to security issues. Security issues should be reported privately via Fastly’s security issue reporting process.

Remediation of security vulnerabilities is prioritized by the project team. The project team endeavors to coordinate remediation with third-party stakeholders, and is committed to transparency in the disclosure process. Since this repository does not contain any code intended for use by Fastly customers, security vulnerabilities should be reported using the GitHub reporting system.

Note that communications related to security issues in Fastly-maintained OSS as described here are distinct from Fastly Security Advisories.