Security fixes are prioritized for the latest main branch and the most recent release line.

If you discover a security issue, please report it privately:

• Email: security@districtd.co
• GitHub Security Advisories: use "Report a vulnerability" in this repository

Please do not open public issues for vulnerabilities.

Include the following details when possible:

• Affected component(s) and version
• Reproduction steps or proof of concept
• Impact assessment (confidentiality, integrity, availability)
• Suggested remediation (if known)

Districtd aims to:

• Acknowledge new reports within 3 business days
• Provide an initial triage assessment within 7 business days
• Share remediation and disclosure timeline after triage

Actual timelines can vary depending on severity and coordination needs.

• We validate and triage the report
• We prepare and test a fix
• We coordinate disclosure with the reporter
• We publish release notes and mitigation guidance

Thank you for helping keep AccessD secure.