The main branch receives security fixes until the project publishes versioned release branches.

Do not open a public issue for vulnerabilities that include exploit details, packet captures, credentials, or private traffic data.

Report security issues privately through GitHub private vulnerability reporting when available, or contact the repository owner directly. Include:

• affected version or commit;
• clear reproduction steps;
• expected and observed impact;
• whether the issue involves real packet captures, tokens, cookies, or user data.

The project handles packet capture data that can contain credentials and personal information. Redact sensitive values before sharing logs, reports, screenshots, HAR files, Reqable exports, or NDJSON inbox files.