We take security seriously. If you discover a security vulnerability, please report it responsibly.
Please use GitHub's Private Vulnerability Reporting to submit your report. This allows us to discuss and resolve the issue privately before public disclosure.
If you prefer email, contact us at security@renamed.to with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 7 days
- Resolution Timeline: Depends on severity, typically 30-90 days
This policy applies to:
- All SDK packages in this repository
- The renamed.to API (report separately at security@renamed.to)
- Vulnerabilities in dependencies (report to upstream maintainers)
- Social engineering attacks
- Denial of service attacks
We appreciate responsible disclosure and will acknowledge security researchers in our release notes (unless you prefer to remain anonymous).