This project follows a rolling release model. We only address security issues affecting the latest git commit of the main branch.
We take a security-first approach. If you suspect you've found a security issue in the project, please report it responsibly. Your disclosure helps protect the OpenStreetMap community. Thank you!
Note
If you're unsure whether an issue has security implications, it's safest to assume it has and report it.
To report a vulnerability, you can either use GitHub's builtin private vulnerability reporting feature or contact the maintainers directly.
- Private vulnerability reporting
- Kamil Monicz (Zaczero) — Contact maintainer