Security Policy What to do Clone the main branch from the repository Set up a local envirnoment, see requirements and setup Attack and exploit your own local autorender instance Report the vulnerability via GitHub here What NOT to do Do NOT attack the production system (autorender.portal2.sr) Do NOT publish your report before the deadlines, see below Do NOT report useless attack surfaces like Social engineering Denial of service Flaws in older devices or browsers Deadlines First response: 14 days Patchfix: 90 days