Please report security-sensitive issues privately instead of opening a public GitHub issue.

Security fixes target the main branch and the latest tagged GitHub Release. Older untagged commits are not supported unless maintainers explicitly decide otherwise.

• Open a GitHub security advisory if you have repository access.
• Otherwise contact the maintainer listed in MAINTAINERS.md before disclosing details publicly.
• Do not include secrets, private RPC credentials, validator keys, or exploit details in public issues or discussions.

Maintainers will acknowledge actionable reports as soon as practical and will coordinate disclosure timing for confirmed vulnerabilities.

This project handles exporter-side metric collection and local configuration. Reports involving credential leakage, unsafe remote code loading, dependency supply-chain risk, unexpected network exposure, or unsafe handling of upstream data are in scope.

Reports about public chain data quality, third-party RPC uptime, or hosted indexer freshness are usually operational issues unless they cause unsafe exporter behavior.