If you discover a security vulnerability, please report it privately:
Email: support@defalt.org
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
We'll respond within 48 hours and work with you on a fix before public disclosure.
This policy covers the Defalt codebase. For vulnerabilities in Ghost CMS itself, please report to Ghost's security team.