If you discover a security vulnerability in any EndstoneMC project, please report it responsibly.
Email: hello@endstone.dev
Please include:
- A description of the vulnerability
- Steps to reproduce
- The affected repository and version
- Acknowledgement: within 48 hours
- Initial assessment: within 7 days
- Fix or mitigation: best effort, typically within 30 days
This policy covers all public repositories under the EndstoneMC organization.
We ask that you do not publicly disclose the vulnerability until we have had a chance to address it. We will coordinate with you on disclosure timing.