Reported vulnerabilities should concern the latest release or the latest commit of one of the open branches. Issues related to old versions will not be treated as a priority by the ECLAIR team.

Security issues should be reported to the ECLAIR team by email to eclair@myecl.fr, or using the "Private vulnerability reporting" feature of GitHub. We will inspect your report quickly, and you'll receive a response within 48 hours indicating the next steps in handling your report.

Do not disclose any information related to vulnerabilities you may discover before getting approval from the ECLAIR team.