MindSpring is currently pre-1.0. Security fixes are applied on main.
Do not report vulnerabilities in public issues.
Use GitHub private advisories:
Include:
- affected endpoint/module
- reproduction steps
- impact and severity estimate
- sanitized logs only
This repository is public OSS. Never post the following in issues, PRs, comments, or commits:
- API keys, bearer tokens, secrets, credentials
- personal data (names, emails, phone numbers, addresses)
- customer/account identifiers tied to private systems
- private/internal URLs containing sensitive query parameters
- raw production payloads with identifying content
When sharing evidence, replace sensitive values with placeholders:
- <CLIENT_A>
- <USER_001>
- <ACCOUNT_X>
- <TOKEN_REDACTED>
Prefer summaries and minimal snippets over full payload dumps.
If sensitive data is posted publicly:
- Remove or redact the content immediately.
- Rotate any exposed secrets/tokens immediately.
- Open a private security advisory with timeline and impact.
- Link any follow-up public issue only to sanitized details.
Use public GitHub issues for technical work items only.
Use a private tracker for customer-specific or PII-bearing context.
Cross-reference via neutral IDs only (for example, INT-4821).