Please report (suspected) security vulnerabilities to security@intersectmbo.org. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible.
Please provide a clear and concise description of the vulnerability, including:
- the affected version(s) of cardano-ledger,
- steps that can be followed to exercise the vulnerability,
- any workarounds or mitigations
If you have developed any code or utilities that can help demonstrate the suspected vulnerability, please mention them in your email but DO NOT attempt to include them as attachments as this may cause your Email to be blocked by spam filters. See the security file in the Cardano engineering handbook.