If you discover a security vulnerability in Ghola, please report it responsibly.
Do not open a public issue.
Instead, email: robot@accomplice.ch
Include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: within 48 hours
- Initial assessment: within 7 days
- Fix or mitigation: coordinated disclosure within 90 days
This policy covers the ghola CLI tool and its dependencies. It does not cover third-party services that ghola may communicate with (blockchain RPCs, arbitrary HTTP targets).
| Version | Supported |
|---|---|
| Latest release | Yes |
| Older releases | Best effort |