Report suspected vulnerabilities privately through GitHub Security Advisories: open the repository's Security tab and choose Report a vulnerability. Do not open public issues or pull requests for suspected vulnerabilities.
Include the affected crate version, a description of the issue, and a reproduction if available. Do not include exploit payloads targeting third-party deployments.
Only the latest published version of reallyme-cose receives security fixes.
This policy covers the reallyme-cose crate in this repository. Issues in
reallyme-crypto, reallyme-codec, or other dependencies should be reported
to their respective repositories.