Vulnerability Disclosure Policy

Report security issues to security@coral.li or via https://www.coral.li/contact-us.
Please include steps to reproduce and any potential impact.

We will acknowledge receipt within 5 business days and aim to provide a
remediation plan or fix within 30 days, depending on severity and complexity.

Please do not publicly disclose until we confirm a fix or request coordination.
Thank you for helping keep Coral secure.