Security: TirsvadScript/PS.CreateVSSolution

Security Policy

Supported Versions

This project is a collection of PowerShell scripts. We aim to support the latest PowerShell 7.x and Windows PowerShell 5.1 runtimes. Security fixes will be applied to the main branch and released as soon as practical.

Version Supported
1.0.x
0.1.x

Reporting a Vulnerability

If you discover a security vulnerability, please report it privately so we can investigate and fix it before public disclosure.

Preferred reporting methods:

  • Use GitHub's Security Advisories for this repository (recommended) so the maintainers can coordinate a fix and private disclosure. See: https://docs.github.com/en/code-security/security-advisories
  • If GitHub Security Advisories are not available for you, open a private communication to the repository maintainers (for example an email to the project maintainer) if such contact is published in the repository. Do not post security-sensitive information in public issues or PRs.

If you must use a public channel initially, avoid including exploit code or detailed reproduction steps until a private channel is established.

What to Include in a Report

Please include as much of the following as possible:

  • A clear description of the vulnerability and its impact (confidentiality, integrity, availability).
  • Step-by-step reproduction steps or a minimal proof-of-concept (in a private channel only).
  • Affected versions/files and the environment where the issue was observed (PowerShell version, OS).
  • Any relevant logs, stack traces or configuration snippets.
  • Contact information so the maintainers can follow up.

Response Process and Timeline

  • Acknowledgement: We will acknowledge receipt as soon as practicable.
  • Triage: We will triage and begin an investigation as soon as practicable.
  • Fix: We will work to provide a fix or mitigation as soon as practicable; timelines vary by severity and complexity.
  • Public disclosure: The project follows coordinated disclosure practices. We will coordinate any public disclosure with the reporter; if no agreement is reached, we may disclose after a reasonable period once a fix is available.

Disclosure Policy

We prefer coordinated disclosure so that users can update safely. Please do not publicly disclose vulnerabilities until a maintainer has had a reasonable opportunity to respond and a fix is available.

Credits

We appreciate security reports and will credit reporters in release notes or acknowledgements unless the reporter requests to remain anonymous.


If you have questions about this policy or need an alternate contact method, open an issue marked with the security label (avoid posting exploit details) or check the repository README for maintainer contact information.
