Security: secwexen/aapp-mart

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in AAPP-MART, please report it responsibly.

Preferred method:

  • Open a private GitHub Security Advisory

Please do not disclose security issues publicly until a fix or mitigation has been released.


Response Expectations

  • Initial response: within 72 hours
  • Fix or mitigation: as soon as reasonably possible
  • Coordinated disclosure will be handled in collaboration with the reporter
  • Security issues will be tracked via a ticket system or CVE where applicable

Supported Versions

Security updates are provided only for the latest stable release of AAPP-MART.
Older versions may not receive security fixes.


Scope

This project does not provide exploit code.

Valid reports include:

  • Code-level security weaknesses
  • Dependency vulnerabilities
  • Logic flaws affecting security
  • Configuration or deployment misconfigurations

Out of scope:

  • Social engineering
  • Denial-of-service via unrealistic traffic
  • Issues requiring physical access

Reporting Guidelines / Example Report Format

When submitting a security report, please include the following:

  • Software version: The version of AAPP-MART affected
  • Environment: OS, Python version, dependencies
  • Steps to reproduce: Detailed step-by-step instructions
  • Observed behavior: What happens when the vulnerability occurs
  • Expected behavior: What should happen
  • Supporting evidence: Logs, screenshots, or proof-of-concept code. This must be provided to help understand and reproduce the issue.
  • Additional context: Any other relevant information, such as timing, frequency, or impact assessment

Legal Notice

Unauthorized testing or exploitation may violate laws. Please ensure you have permission before performing any security testing.


Credits

We appreciate responsible disclosure and will acknowledge reporters when appropriate.
