Security: garbsam97/RAW_DEV

SECURITY.md

Security Policy

Supported Versions

This project is in an early stage.

Version Supported
main (latest commit)
0.4.2-alpha
Older snapshots

Only the latest development state and latest tagged pre-release are supported for security fixes.

Reporting a Vulnerability

Please do not open a public GitHub issue for security reports.

Report vulnerabilities privately by opening a GitHub Security Advisory draft for this repository. If that is not available, open a normal issue with no technical details and ask maintainers for a private channel.

Include, when possible:

  • affected file(s), component(s), or target (rawdev_core, rawdev_cli, rawdev_tests)
  • reproduction steps or proof-of-concept
  • impact assessment (confidentiality/integrity/availability)
  • suspected dependency involvement (LibRaw, LLVM, OpenMP, or other)

Response Targets

Maintainers aim to:

  • acknowledge valid reports within 3 business days
  • provide triage status within 7 business days
  • share progress updates at least every 14 days until resolution

These are best-effort targets for an open-source volunteer project.

Disclosure Policy

  • We follow coordinated disclosure by default.
  • Please allow time for fix development and validation before public disclosure.
  • After a fix is available, maintainers will publish remediation details in release notes or commit history.

Third-Party Dependencies

This repository includes and links third-party code (for example LibRaw and LLVM submodules).

If a vulnerability is in an upstream dependency:

  • report it to the upstream project according to its policy
  • open a private advisory here as well if it impacts this repository
  • maintainers will track and document affected versions and mitigation steps