If you discover a security vulnerability within OrdinaryPHP, please send an email to security@ordinaryphp.org. All security vulnerabilities will be promptly addressed.

Please do not publicly disclose the issue until it has been addressed by the team.

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

This project uses:

• Roave Security Advisories: Prevents installation of packages with known vulnerabilities
• Strict Type Safety: PHP 8.5 strict types and comprehensive static analysis
• Automated Security Audits: Via GitHub Actions on every commit
• Dependency Scanning: Regular updates and security checks

• Security vulnerabilities are treated with high priority
• We aim to patch critical vulnerabilities within 48 hours
• Security releases will be tagged and announced
• Credits will be given to reporters unless anonymity is requested