If you discover a security vulnerability in slashmail, please report it privately via email:
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
You can expect an initial response within 72 hours. Fixes for confirmed vulnerabilities will be prioritized and released as soon as possible.
This policy covers the slashmail CLI tool itself, including IMAP command construction, TLS handling, and credential management.