Please do not report security vulnerabilities through public GitHub issues, pull requests, or discussions.

Send vulnerability reports to security at qameta.io. Include:

• The affected repository, package, or version.
• A clear description of the issue and potential impact.
• Reproduction steps, proof of concept, logs, or screenshots when available.
• Any known workarounds or mitigations.

We will review the report and coordinate the next steps with you. Public disclosure should wait until maintainers have had a reasonable opportunity to investigate and release a fix.

Security support applies to actively maintained Allure Framework projects. Individual repositories may define a more specific support policy, and repository-specific security guidance takes precedence over this default file.