Please do not report security vulnerabilities through public GitHub issues.
Instead, please use GitHub's private vulnerability reporting:
- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Fill out the form with details
I will respond within 48 hours and work with you to understand and address the issue.
- Type of issue (e.g., command injection, path traversal, arbitrary file overwrite)
- Full paths of affected source files
- Step-by-step instructions to reproduce
- Proof-of-concept or exploit code (if possible)
- Impact assessment and potential attack scenarios
Only the latest version receives security updates. Please always use the most recent release.
- Never commit secrets — use environment variables
- Validate all input — especially sample names, paths, and user-provided files
- Keep dependencies updated — Dependabot is enabled on this repo
- Prefer reproducible pins for Docker images, databases, and tool versions
For security questions that aren't vulnerabilities, open a regular issue or start a discussion in a pull request.