CorpSim is pre-1.0. Only the latest released version line is supported for security fixes.

• Do not open public issues for security vulnerabilities.
• Use GitHub's private vulnerability reporting in the repository Security tab.
• If private reporting is unavailable, contact the maintainers and request a private channel first.

Please include:

• A clear description of the issue and impact.
• Reproduction steps or proof of concept.
• Affected version(s), environment, and configuration details.
• Suggested mitigation if known.

• Initial acknowledgement: within 72 hours.
• Triage and severity assessment: within 7 days.
• Fix timeline: based on severity and exploitability.

• Please allow time for triage and patching before public disclosure.
• After a fix is released, coordinated disclosure is welcome.