If you find a security issue in Revenant itself, please report it privately rather than opening a public issue. Open a draft advisory at https://github.com/smakarim/revenant/security/advisories/new and include steps to reproduce and the affected commit or version. You will get a response as soon as possible.

Revenant is for authorized security testing and for assets you own or are permitted to test. When it surfaces secrets in third-party repositories, follow responsible disclosure: report the exposure privately to the affected owner so they can rotate the credential, and do not access or use any secret you find.

Revenant is pre-1.0. Fixes land on the latest main. Please test against main before reporting.