This is the Security Policy for the Perl CryptX distribution.

Security vulnerabilities can be reported via the project GitHub repository Security Advisories. On the "Security" tab you can click on the "Report a vulnerability" button.

Please include as many details as possible, including code samples or test cases, so that we can reproduce the issue. Check that your report does not expose any sensitive data, such as passwords, tokens, or personal information.

If you would like any help with triaging the issue, or if the issue is being actively exploited, please copy the report to the CPAN Security Group (CPANSec) at [email protected].

Please do not disclose the security vulnerability in public forums until past any proposed date for public disclosure, or it has been made public by the maintainers or CPANSec. That includes patches or pull requests or mitigation advice.

For more information, see Report a Security Issue on the CPANSec website.

The maintainer(s) aim to acknowledge your security report as soon as possible. However, this project is maintained by a single person in their spare time, and they cannot guarantee a rapid response. If you have not received a response from them within a week, then please send a reminder to them and copy the report to CPANSec at [email protected].