If you discover a security vulnerability in FireCMS, please report it responsibly.

Please do NOT open a public GitHub issue for security vulnerabilities.

Instead, please email us at security@firecms.co with:

• A description of the vulnerability
• Steps to reproduce the issue
• Any potential impact assessment
• Suggested fix (if any)

We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues.

This policy applies to the FireCMS open-source project and its published npm packages under the @firecms scope.