To report a security issue or vulnerability in Zarf, please use the confidential GitHub Security Advisory "Report a Vulnerability" tab. The Zarf team will send a response indicating the next steps in handling your report. After the initial reply to your report, the team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

• You found a vulnerability in the Zarf code.
• You found a vulnerability in one of the Zarf dependencies that affects the project that has not been patched yet.

• You found a bug or malfunction in the Zarf code (not security related).
• You want to add a feature to Zarf.

As Zarf has not yet reached v1.0.0, only the current latest minor release is supported.

To discuss security related issues, please email the maintainers at zarf-dev-private@googlegroups.com.