If you discover a security vulnerability in Emerald, please report it privately and DO NOT open a public GitHub issue.

To report a vulnerability:

• Email: [email protected]
• Include a clear description of the issue
• Provide steps to reproduce, if possible
• Include affected versions, commit hashes, or configurations
• Add any relevant logs, PoCs, or screenshots

There is no bounty reward system in place for Emerald yet.

We follow a coordinated disclosure process:

1. We acknowledge receipt of your report within a reasonable timeframe.
2. We investigate and validate the issue.
3. We develop and test a fix.
4. We coordinate public disclosure after a fix is available.

Please allow us time to address the issue before making any public disclosures.

For the most up-to-date version of the policies that govern our approach to vulnerability disclosure, please consult the Gold Standard Safe Harbor Statement.

Thank you for helping keep Emerald secure.