At riok, we take the security of Mapperly very seriously. If you discover a potential security vulnerability, we encourage you to report it responsibly using the guidelines below.

Please refrain from reporting security vulnerabilities through public GitHub issues.

To report a security incident, please contact us via email at [email protected] and include the following information:

• Target: Specify the affected component(s), such as:
  • Mapperly source generator
  • Mapperly-generated code
  • Mapperly documentation web page
  • Other (please describe)
• Description: Provide a comprehensive explanation of the issue, including:
  • Steps to reproduce the vulnerability
  • Assumptions made during the discovery
  • Potential impact or risks
• URL/Location (optional): Include the relevant URL or location if applicable.
• Contact Details (optional): Provide your preferred contact information if you wish to be contacted through a specific channel.

• GPG Encryption: At this time, GPG encryption is not supported for security reports. However, you may sign your message for authenticity if desired.
• Acknowledgment: If you wish to be acknowledged for your report, please let us know explicitly in your submission. By default, we will keep your identity private to protect your privacy.
• Preferred Communication Language We kindly request that all communications be conducted in English to ensure a swift and effective response.