Please do not open a public GitHub issue for an undisclosed security vulnerability. Use GitHub private vulnerability reporting in the Security tab of this project instead.

When reporting a vulnerability, include:

• the affected parsedmarc version or commit
• the component or integration involved
• clear reproduction details if available
• potential impact
• any suggested mitigation or workaround

Security fixes will be applied to the latest released version and the current master branch.

Older versions will not receive backported fixes.

After a report is received, maintainers can validate the issue, assess impact, and coordinate a fix before public disclosure.

Please avoid publishing proof-of-concept details until maintainers have had a reasonable opportunity to investigate and release a fix or mitigation.