Security fixes are applied to the latest main branch and the latest tagged release.

Please report vulnerabilities privately and responsibly.

• Email: security@delegant.co.za
• Include: impact, affected components, reproduction steps, and any proof-of-concept details
• Avoid public issue trackers for undisclosed vulnerabilities

You can expect:

• Acknowledgment within 3 business days
• Initial triage status within 7 business days
• Coordination on disclosure timing after validation

This policy applies to all code and infrastructure in this repository, including service-to-service authentication, authorization, policy enforcement, and audit components.