This project currently supports the master branch only.
Please do not disclose vulnerabilities publicly before a fix is available.
Report privately using GitHub Security Advisories (preferred), or by contacting the maintainers directly.
Include:
- affected component/file;
- impact summary;
- proof of concept or reproduction steps;
- suggested mitigation (if available).
- Initial triage: within 72 hours
- Status update: within 7 days
- Fix timeline: depends on severity and complexity
HydraLock is a cryptographic container format implementation. Issues involving confidentiality, integrity, key handling, wrapper validation, parser fail-open behavior, and downgrade/rewrap bypasses are considered high priority.