
Security: whallin/.github

.github/SECURITY.md

Security Policy

Security is important to me. This document explains how to report security issues that affect my personal projects and what information helps me respond effectively.

What to report

Please report anything that could lead to information disclosure, data loss, privilege escalation, remote code execution, account takeover, or other security or privacy concerns.

Important

If you're uncertain whether something qualifies as a security issue, report it anyway — I'll triage and assess it.

Where to report

Email william@hallin.media with full details. If the issue is urgent or clearly exploitable in production, start the subject line with "URGENT".

Avoid posting public issues, pull requests, or otherwise publishing exploit details until I've had a chance to investigate and coordinate a fix.

How to report and what to include

The more detail you provide, the faster I can reproduce and address the problem. Please include:

  • Short summary & scope: a one-line summary of the issue, its impact, and which repository/service/URL is affected.
  • Reproduction & proof: exact steps, requests, commands, or a minimal proof‑of‑concept (attach or paste a PoC); add request/response examples where helpful.
  • Evidence & context: logs, error messages, screenshots, recordings, or other artifacts illustrating the issue.
  • Observed vs expected: what happened, what you expected, and a rough estimate of severity/impact.
  • Contact & disclosure preference: your preferred contact details and whether you want to remain anonymous, be credited, or receive no public credit; attach files if needed.

What I will do and timelines

  1. Acknowledgement: I'll confirm I received your report within 48 hours.
  2. Triage & assessment: I'll attempt to reproduce the issue and evaluate severity.
  3. Coordination: I'll keep you informed while I work toward a fix.
  4. Resolution: Once fixed, I'll notify you and coordinate any disclosure.

Typical timelines (may vary depending on complexity)

  • Critical issues: aim to fix within 7 days
  • High severity: aim to fix within 30 days
  • Other issues: aim to fix within 90 days

Responsible disclosure & safe harbor

Please avoid public disclosure until I've had a chance to address the issue. In return, I commit to timely acknowledgement and updates, will not pursue legal action for good‑faith security research, and will work with you on disclosure timing — including crediting your contribution if you permit.


Thanks for taking the time to report security issues — clear steps and supporting artifacts make fixes faster and safer.
