If you discover a security vulnerability in Provero, please report it through GitHub Security Advisories.

Do not open a public issue for security vulnerabilities.

• Description of the vulnerability
• Steps to reproduce
• Affected versions
• Potential impact

• Acknowledgment: within 48 hours
• Initial assessment: within 1 week
• Fix and disclosure: coordinated with reporter, typically within 30 days

This policy applies to the Provero core engine, CLI, connectors, and Airflow provider.