We look for and fix vulnerabilities as soon as possible with internal website code, external (outside domain) files, and files distributed by our products and communities.
DO NOT report security vulnerabilities as an issue, pull request (PR), or discussion here on GitHub and the other external sites of Discord (applies to communities) and other online forums. Vulnerabilities should not be publicly known. Please report all vulnerabilities at support@atproducts.xyz for private reporting.
Our team attempts to fix these security vulnerabilities as soon as possible. All vulnerability patches trump scheduled release dates and should be released as soon as the patch is ready. These patches should only include vulnerability patches with no other content alongside them. This policy will be even more important as the upcoming updates may feature account-based components, making our security more prioritized.
From the Reporting a Vulnerability section, all members in the team behind security patches and ones who are aware of such security vulnerabilities shall not disclose the security vulnerabilities until the agreed-upon public disclosure date/time is satisfied by all higher-ups/team members. Repeated offenses may lead to termination of the contributor team and your volunteerment/employment AT Products LLC.