If you discover a security vulnerability, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please email security@fediway.com with:

• A description of the vulnerability
• Steps to reproduce
• Potential impact

We will acknowledge your report within 48 hours and aim to provide a fix within 7 days for critical issues.

This policy covers the Fediway Feeds server, CLI, and worker components. If you find a vulnerability in a dependency, please report it upstream and let us know so we can update.

Only the latest release on the main branch is supported with security updates.