If you discover a security vulnerability in FORGE, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please email support@renozoic.com or use GitHub's private vulnerability reporting feature:
- Go to the repository's Security tab
- Click Report a vulnerability
- Provide details of the vulnerability
- Acknowledgment: Within 48 hours of report
- Initial assessment: Within 7 days
- Fix or mitigation: Depends on severity, typically within 30 days
This policy covers the FORGE framework template and its distribution tooling. It does not cover consumer projects bootstrapped from the template — those are maintained independently by their respective owners.
Only the latest version on the main branch is actively supported with security fixes.