The security of this project is important. If you discover a security vulnerability, do not open a public issue.

MESH is used in highly risky environments and a public disclosure may contribute to adversarial actions.

Please report all security vulnerabilities via email or using the Report Button on this page:

info [ @ ] barghest [ . ] asia

To help us assess and respond efficiently, please include:

• A clear description of the vulnerability
• Steps to reproduce the issue
• Proof-of-concept code, if available
• The affected version(s) or commit hash
• Any potential impact or attack scenario

If possible, encrypt sensitive details. Our PGP is as follows:

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEaR7oFBYJKwYBBAHaRw8BAQdA7KWt5mzZqLpFODfrbW4d+GMJwlBZN4BC 097N9IlGq87NJ2luZm9AYmFyZ2hlc3QuYXNpYSA8aW5mb0BiYXJnaGVzdC5h c2lhPsLAEQQTFgoAgwWCaR7oFAMLCQcJEA1gzgx7Bve7RRQAAAAAABwAIHNh bHRAbm90YXRpb25zLm9wZW5wZ3Bqcy5vcmcvKGeirZ1QKwoHg6wG185LNLSe +Ohz9drZC+jWiN+xnAMVCggEFgACAQIZAQKbAwIeARYhBN0XNWvCJAOsb3aN vA1gzgx7Bve7AACYywEAqgjLNKSUEE515M5GE0uaXg7XiZLp8di40oQQpChK uagBALTOXNitqpwz4iBOYIXs/WIVEfHCqziBJd9F9Z/hQssLzjgEaR7oFBIK KwYBBAGXVQEFAQEHQKYph2j0QVbODVCvNPatOIXHZ5uaQLSP6QiAkpYk7S9j AwEIB8K+BBgWCgBwBYJpHugUCRANYM4Mewb3u0UUAAAAAAAcACBzYWx0QG5v dGF0aW9ucy5vcGVucGdwanMub3JniZW2j9f5o50NYAl8ZL2GauptmGsdkCt3 f/2irrh8jSECmwwWIQTdFzVrwiQDrG92jbwNYM4Mewb3uwAAzisBAPoLuvwe RFTK7Gr/3R63mQPeOOiYic6DzCqPusEtfGBCAP9reiLCHERjBkgMtFgKbojm d7PjmQcXQJvPBxnUszDMDw== =SmiC -----END PGP PUBLIC KEY BLOCK-----

• You will receive an acknowledgment within 5 business days.
• We will investigate and assess the report.
• If confirmed, we will work on a fix and coordinate disclosure with you.
• We may request additional information during the investigation.

We kindly ask that you:

• Allow us reasonable time to investigate and remediate the issue before public disclosure.
• Avoid accessing, modifying, or deleting data that does not belong to you.
• Act in good faith and avoid privacy violations or service disruption.

This policy applies to:

• The main branch
• Actively maintained release branches

Dependencies and third-party services are handled according to their respective security policies.

Security patches will be released as soon as possible. When appropriate, advisories will be published describing the impact and remediation steps.