MARS is early WIP. Only the latest tagged release receives security fixes.
Please do not open public GitHub issues for security reports.
Report vulnerabilities privately via either:
- GitHub's private vulnerability reporting, or
- Email to
[email protected]with subject prefix[mars-security].
We aim to acknowledge reports within 72 hours and to coordinate a fix and a public advisory once a patched release is available.
When reporting, please include:
- A description of the vulnerability and its impact.
- Steps to reproduce, or a minimal proof of concept.
- The MARS version (
mars --version) or commit SHA.