Please do not open a public GitHub issue for security vulnerabilities.
If you discover a security issue, email me directly at:

Include:

- A description of the vulnerability
- Steps to reproduce it
- Potential impact

I'll respond within 48 hours and work with you to resolve it responsibly.

This policy covers the Forge application code in this repository. It does not cover third-party services (Convex, Clerk, Inngest, Google AI, etc.) — please report those to their respective security teams.