If you discover a security vulnerability in AFS, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please email: security@arcblock.io

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment: Within 2 business days
• Initial assessment: Within 5 business days
• Fix timeline: Depends on severity, typically within 30 days

This policy covers the AFS core packages and all official providers in this repository.

Security updates are provided for the latest release only.