The KhoraEngine team and community take the security of our software seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

If you believe you have found a security vulnerability in KhoraEngine, please report it to us as responsibly as possible.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please send an email directly to: florianm.757501@gmail.com

Please include the following details with your report:

• A description of the potential vulnerability.
• The version or commit hash of KhoraEngine you were using.
• Steps to reproduce the vulnerability, if possible.
• Any potential impact of the vulnerability.
• Any suggested mitigations if you have them.

We will endeavor to acknowledge receipt of your vulnerability report within 48 hours and to provide a timeline for addressing it. We ask that you do not publicly disclose the vulnerability until we have had a chance to address it and coordinate disclosure.

This security policy applies to the KhoraEngine codebase itself.

• We will investigate all reported vulnerabilities promptly.
• We will work to remediate confirmed vulnerabilities in a timely manner.
• We will credit researchers who responsibly disclose vulnerabilities (unless they wish to remain anonymous).

Thank you for helping keep KhoraEngine secure.