# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in the Dioxus project, please report it **privately and responsibly** by emailing [security@dioxuslabs.com](mailto:security@dioxuslabs.com).

**Do not report security issues publicly on GitHub or through issue trackers**. We take all security reports seriously and will respond promptly.

## Coordinated Vulnerability Response

When a security issue is reported, the Dioxus team prioritizes its resolution and coordinates a fix. We may work with affected users, upstream maintainers, and the original reporter to ensure a responsible and timely remediation.

We use [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories) for secure communication and coordinated disclosure.

If you're a downstream user or maintainer and believe you're affected, you can request to join the coordination process. Please email us at [security@dioxuslabs.com](mailto:security@dioxuslabs.com) with your:

- Contact email
- GitHub username(s)
- Relevant project or ecosystem information

Participation is granted at the discretion of the Dioxus team.

## Security Advisory Disclosures

We are committed to being transparent about security issues that affect Dioxus. Once a fix is in place, we announce advisories through:

- [GitHub Release Notes](https://github.com/DioxusLabs/dioxus/releases).
- The [RustSec Advisory Database](https://github.com/RustSec/advisory-db) (used by tools like `cargo-audit`).

Users are encouraged to stay up to date with releases and monitor advisories relevant to their projects.