Security: cbeier-studio/Xolmis

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in Xolmis, please help us keep the community safe by following these steps:

  1. Do not open a public issue. Security issues must be reported privately to avoid exploitation before a fix is released.

  2. Contact the maintainers directly:

  3. Provide details:

    • A clear description of the vulnerability.
    • Steps to reproduce the issue.
    • Potential impact and affected modules.
    • Suggested mitigation if available.

We will acknowledge receipt within 72 hours, investigate the issue, and provide updates on progress. Once resolved, we will publish a security advisory and release a patched version.

Security Best Practices

To minimize risks when using Xolmis:

  • Always use the latest supported version.
  • Keep your database backups secure and encrypted.
  • Restrict access to sensitive modules and user accounts.
  • Regularly review permissions and audit logs.
  • Avoid exposing internal services directly to the internet.

Disclosure Policy

  • Vulnerabilities will be disclosed responsibly after a fix is available.
  • Credits will be given to reporters who follow responsible disclosure practices.
  • We may delay disclosure if exploitation risks are high and a patch is still being tested.

By following this policy, we ensure that Xolmis remains a reliable and secure platform for biodiversity data management.

There aren’t any published security advisories