Security

Report a Bug or Vulnerability

When submitting a report, include clear steps to reproduce the issue, any relevant technical details, and logs or screenshots if available. This information helps our team understand and resolve the issue quickly. You can submit your report through the issue tracker on the corresponding repository or, if the tracker is unavailable, email our security team at security@979.st.

For security-sensitive issues, email your report directly to our security team. If you deem it necessary, you can encrypt the report using our GPG key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEaVpiqBYJKwYBBAHaRw8BAQdAzt+rv4B5qI/NxIcZY4drN1DG/fYEQxqkHfZg
mV9BphrNGlNlY3VyaXR5IDxzZWN1cml0eUA5Nzkuc3Q+wo8EExYIADcWIQRE3BFt
GBdM003rLDCmATnX3Trx4QUCaVpiqAUJAeEzgAIbAwQLCQgHBRUICQoLBRYCAwEA
AAoJEKYBOdfdOvHhJ0YBAOKakFHwPOwbB+on8e36OlcZW55PnVAAVTXjVGwcl+N7
AP4h/VexyR8YbBP88dfL92tAjU4jwJCXrtNhIfuZ53PJC844BGlaYqkSCisGAQQB
l1UBBQEBB0A62nhqS2ddGEnjr71OSo7H7sDP2WIqgbTClqT7g6MXOAMBCAfCfgQY
FggAJhYhBETcEW0YF0zTTessMKYBOdfdOvHhBQJpWmKpBQkB4TOAAhsMAAoJEKYB
OdfdOvHhKToBALj1b+WOEd3lV16T5x+g+8pu72/jG//gYMcuueKayQn2APwLO6ix
fn7AjFJmRRnbNchjZzcH5Dn1pprxkN/tbhydAg==
=WR6v
-----END PGP PUBLIC KEY BLOCK-----

Our Process

When you submit a vulnerability report, our security team will:

• Review and validate the report, assess its severity, develop and deploy a fix. Most issues are resolved within 14–90 days, depending on complexity and impact.
• Coordinate with you on a responsible disclosure timeline for your research.

Legal Statement

We support independent security research and responsible vulnerability disclosure. We will not take legal action against researchers who follow this policy and act responsibly to avoid privacy violations, data destruction, or service disruption.