Please do not report security vulnerabilities through public GitHub issues.

Use GitHub private vulnerability reporting for this repository:

https://github.com/cacheplane/dawnai/security/advisories/new

If private vulnerability reporting is unavailable, contact the maintainers through the least-public GitHub channel available and avoid posting exploit details publicly.

Include:

• Affected package, command, or documentation surface.
• Impact and exploitability.
• Reproduction steps or proof of concept.
• Known mitigations, if any.
• Whether the vulnerability is already public.

Dawn is pre-1.0. Security fixes are handled on the default branch and released through the normal package release process.

Please give maintainers a reasonable opportunity to investigate and release a fix before public disclosure.

Good-faith security research is welcome when it avoids privacy violations, service disruption, data destruction, social engineering, and public disclosure before a fix is available.