If you discover a security vulnerability in any ForgeX Foundation project, please help us responsibly disclose it.

📧 Email us at: security@forgex.org

We will acknowledge your report within 2–3 working days and provide updates as we investigate and resolve the issue.

This policy applies to:

• Any vulnerabilities in our open source codebases
• Misconfigurations in infrastructure we control (e.g. APIs, deployments)

• Report the issue directly and privately
• Provide clear, reproducible steps
• Allow us a reasonable time to fix it

• Publicly disclose the issue before resolution
• Use attacks like DDoS, social engineering, or spam
• Access, modify, or delete user data without permission

Thank you for helping keep ForgeX Foundation secure.