If you discover a security vulnerability in Atlas, please report it responsibly.

Do not open a public issue for security vulnerabilities.

Instead, send an email to security@shaedy.de with the following information:

• A description of the vulnerability
• Steps to reproduce the issue
• The potential impact
• Any suggested fix, if you have one

You should receive an initial response within 48 hours. We will work with you to understand the issue and coordinate a fix before any public disclosure.

This policy applies to the Atlas mod and its published artifacts. Third-party mods that integrate with the Atlas API are outside the scope of this policy.

Once a fix is available, we will publish a security advisory on GitHub and release a patched version. Credit will be given to the reporter unless they prefer to remain anonymous.