Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in Crypt::OpenSSL::RSA, please report it responsibly.

Preferred: Use GitHub's private vulnerability reporting to submit a report directly on GitHub.

Alternative: Email Todd Rinaldo toddr@cpan.org

Please include:

• A description of the vulnerability
• Steps to reproduce the issue
• Any relevant version or platform details

We will acknowledge receipt within 48 hours and aim to provide an initial assessment within one week.

Supported Versions

Security fixes are applied to the latest release. Users are encouraged to keep their installation up to date.

Scope

This module is a Perl XS wrapper around OpenSSL's RSA implementation. Vulnerabilities in OpenSSL itself should be reported to the OpenSSL security team.