The Midnight Foundation takes the security of our software products and services seriously, including all source code repositories managed through our GitHub organization.
If you believe you have found a security vulnerability in this repository, please report it to us through coordinated disclosure.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, please use GitHub's security advisory feature:
- Navigate to the repository's Security tab
- Click "Report a vulnerability"
- Fill out the vulnerability report form with as much detail as possible
This will create a private security advisory that only the maintainers can see.
If you prefer to report via email, please send your report to:
Please include as much of the following information as possible to help us better understand and resolve the issue:
- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it

- We will acknowledge receipt of your vulnerability report within 3 business days
- We will provide a more detailed response within 7 business days indicating the next steps in handling your report
- We will keep you informed of the progress towards a fix and may ask for additional information or guidance
- We request that you give us reasonable time to investigate and mitigate an issue you report before making public any information about the report or sharing it with others
- We will make every effort to acknowledge your report in a timely manner and keep you informed of our progress
- Once a fix is released, we will publicly acknowledge your responsible disclosure (if you wish)
We release patches for security vulnerabilities. Please ensure you are using a supported version:
| Version | Supported |
|---|---|
| 0.3.x | ✅ |
| < 0.3.0 | ❌ |
Security updates will be released as patch versions and announced through:
- GitHub Security Advisories
- Release notes
- npm package updates
Please keep your dependencies up to date to receive the latest security fixes.
For more information about Midnight Foundation's security practices, please visit:
Thank you for helping to keep Midnight Network and our users safe!