Security Policy

Scope

PAX packages Perl applications into standalone executables and bundles runtime payloads, assets, and helper code. Report vulnerabilities that affect:

the public pax build and pax run workflow
standalone runtime extraction, loading, and helper dispatch
bundled dependency resolution and runtime payload packaging
embedded asset handling and packaged web-application execution

Reporting a Vulnerability

Please report security issues privately before opening a public issue.

Contact: security@manif3station.dev
Backup contact: https://github.com/manif3station/PAX/security/advisories

Include:

the PAX version
the target operating system and Perl version
whether the issue affects pax build, pax run, or a produced standalone binary
a minimal reproducer or fixture
whether the issue requires local access, crafted input, or a packaged binary

Triage Expectations

Issues in the standalone loader, packaged helper dispatch, runtime payload extraction, and build-time dependency discovery are treated as high priority because they affect the trust boundary of produced binaries.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Security Policy

Scope

Reporting a Vulnerability

Triage Expectations

Keyboard Shortcuts