Security fixes are generally applied to the latest published release and to the current development line.
If you are unsure whether your installation is affected, test against the latest release first.
Please do not report security vulnerabilities in public GitHub issues, discussions, or other public channels.
Use GitHub Private Vulnerability Reporting for this repository if it is available.
If private vulnerability reporting is not available, contact regfish at
support@regfish.com and include Security: certbro in the subject line.
Please include:
- affected certbro version
- a clear description of the issue
- impact and realistic attack scenario
- reproduction steps or proof of concept, if available
- any suggested mitigation, if known
We will review the report, assess severity, and coordinate remediation and disclosure as appropriate.