If you discover a security vulnerability in Anchor, please report it privately rather than opening a public issue.
Use GitHub's private vulnerability reporting to submit a report. You should receive an initial response within a few days.
Please include:
- A description of the issue and the impact
- Steps to reproduce
- The affected version or commit
- Any suggested mitigation, if known
Only the latest released version receives security fixes.