If you believe you've found a security vulnerability in iron-proxy, please report it privately. Do not open a public GitHub issue, discussion, or pull request.

Email security@iron.sh with a description of the issue, steps to reproduce, and the version or commit SHA you tested against.

You can encrypt your report using the PGP key at public-key.asc in this repository.

Please give us a reasonable window to ship a fix before any public disclosure.