We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

1. Do NOT create a public GitHub issue for security vulnerabilities
2. Email the maintainer directly at: [email protected]
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 7 days
• Resolution Timeline: Depends on severity (critical: ASAP, high: 30 days, medium: 90 days)

• Security fixes will be released as patch versions
• Credit will be given to reporters (unless anonymity is requested)
• A security advisory will be published for significant vulnerabilities

When using this package:

• Keep dependencies updated - Run composer update regularly
• Use latest PHP version - Security fixes are backported to supported versions only
• Review generated OpenAPI specs - Ensure no sensitive information is exposed
• Validate input - The generator reads route configuration; ensure it's from trusted sources

This package:

• Reads PHP source files via reflection (ensure source files are trusted)
• Parses route configuration (validate configuration sources)
• Generates API documentation (review output for sensitive data exposure)

• Security Issues: [email protected]
• General Issues: GitHub Issues

Thank you for helping keep this project secure!