Project repository: https://github.com/directions4partners/ccms

We follow coordinated vulnerability disclosure to protect our users.

• Email: freddy@directions4partners.com
• Please include:
  • A detailed description of the issue and potential impact
  • Steps to reproduce (PoC if possible)
  • Affected versions and environments
  • Any suggested mitigations

Do not file public GitHub issues for suspected vulnerabilities.

1. Acknowledgement — We aim to acknowledge new reports within 3 business days.
2. Triage — Reproduce, assess severity, and determine affected scope.
3. Fix — Develop and test a fix; prepare release notes and CVE request if applicable.
4. Coordinated Disclosure — We will propose a disclosure timeline (typically 7–30 days depending on severity) and publish advisories after patches are available.

Security fixes are provided for the latest minor release and any active LTS branches identified in the repository’s release policy.