The Sherlock team and community take the security of our software seriously. We appreciate your efforts to responsibly disclose your findings, and we will make every effort to acknowledge your contributions.

All security updates are applied to the most recent release. Only the latest version of Sherlock is officially supported. Please ensure you are running the latest version available on our Releases page before reporting a vulnerability.

We are committed to working with the community to verify and respond to any potential vulnerabilities that are reported to us.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please use the Private Vulnerability Reporting feature on GitHub.

1. Go to the main page of the Sherlock repository.
2. Click on the "Security" tab.
3. Click on "Report a vulnerability" on the right-hand side.

This will open a private advisory where you can provide all the necessary details of the vulnerability without disclosing it to the public. We will do our best to acknowledge your report within 48 hours and will keep you updated on our progress toward a fix and a new release.

Thank you for helping to keep Sherlock secure.