Aerleon takes security seriously. This document provides details of our policy and the procedures we will operate by when a vulnerability is disclosed.

If you believe you have found a vulnerability please do not raise an issue on Github. Email the maintainers directly: Rob Ankeny (ankenyr@gmail.com) and Jason Benterou (jason.benterou@gmail.com). Please include a proof of concept in your email.

We will acknowledge reports within 24 hours and provide a response to the report within 48 hours. Our response will indicate what steps we will take with regards to your report. We may ask for additional information to clarify anything and ask that you provide help with regards to validating any fixes.

When we receive a report and confirm it is valid we will disclose within 90 days.