The smbcloud-cli team takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings, and we will make every effort to acknowledge your contributions.

As the project is in its early stages (pre-1.0), security patches will only be provided for the most recent releases. Please ensure you are using the latest version.

If you discover a security vulnerability, please report it to us by emailing smbcloud@setoelkahfi.se.

Please do not report security vulnerabilities through public GitHub issues.

Please include the following details in your report:

• A clear and concise description of the vulnerability.
• The version of smbcloud-cli affected (e.g., 0.3.22).
• Steps to reproduce the vulnerability. This could include a code snippet, a series of commands, or a link to a repository with a proof of concept.
• The potential impact of the vulnerability.
• Any potential mitigations or workarounds you are aware of.

1. When you report a vulnerability, we will acknowledge receipt of your report within 48 hours.
2. We will investigate the report and determine if it is a valid security issue.
3. If the vulnerability is accepted, we will work on a patch for the latest version as soon as possible.
4. We will notify you when the patch is released.
5. We will publicly disclose the vulnerability after the patch has been released, and we will credit you for the discovery unless you prefer to remain anonymous.

We value your contributions to keeping smbcloud-cli secure.