CarbonOps-Parser is a public reference project. Do not post credentials, connection strings, private source files, confidential data, or vulnerability details in public issues, pull requests, or discussions.
If you believe a change exposes sensitive information, creates an unsafe default, or identifies a vulnerability, report it privately to the maintainer when a private contact path is available. If no private path is available, open only a non-sensitive public issue that asks for a private contact path. Do not include exploit details, secrets, private URLs, production credentials, database dumps, or private source data in the public report.
Useful reports include:
- Accidental exposure of credentials or private paths.
- Unsafe default configuration examples.
- Source archive handling concerns.
- Dependency concerns once dependencies are introduced.
- Documentation that could lead users to mishandle sensitive data.
No production credentials should be shared with the project. Operators own their infrastructure, credential storage, database access, network policy, monitoring, backup, and incident response.
This project does not provide operational security support. Response timing depends on maintainer availability.