If you discover a security vulnerability in FieldStack, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please email hello@impactmojo.in with:

• A description of the vulnerability
• Steps to reproduce the issue
• Any potential impact
• Suggested fix (if you have one)

We will acknowledge your report within 48 hours and aim to release a fix within 7 days for critical issues.

The following are in scope:

• Cross-site scripting (XSS) in any page
• Authentication or authorisation bypass
• Exposed secrets or credentials
• Insecure dependencies with known CVEs
• Open redirects

• Denial of service attacks
• Social engineering
• Issues in third-party services

We're happy to credit security researchers in our changelog. Let us know if you'd like to be acknowledged.