Do not open public GitHub issues for security vulnerabilities.
Report potential vulnerabilities privately:
- Email: security@betterdata.co
- Include repository name (
loopengine/loop-engine) - Include reproduction steps, affected versions, and impact assessment
We will acknowledge receipt as quickly as possible and keep you informed on triage, remediation, and disclosure timing.
Loop Engine is currently in early release. We prioritize fixes for:
- Latest published minor release
- Current main branch
- Receive and validate report
- Reproduce and assess severity
- Prepare and test remediation
- Publish patch release and advisory
- Credit reporter when requested
Loop Engine follows a 90-day coordinated disclosure policy by default. If a fix is ready sooner, we publish sooner. If coordination requires more time, we may extend the timeline in agreement with the reporter.
Loop Engine is an OSS workflow runtime and does not include hosted Better Data control-plane services. Reports should focus on this repository's code, packages, and published artifacts.