quic-go is an implementation of the QUIC protocol and related standards. No software is perfect, and we take reports of potential security issues very seriously.
If you discover a vulnerability that could affect production deployments (e.g., a remotely exploitable issue), please report it privately. Please DO NOT file a public issue for exploitable vulnerabilities.
If the issue is theoretical, non-exploitable, or related to an experimental feature, you may discuss it openly by filing a regular issue.
For bugs, feature requests, or other non-security concerns, please open a GitHub issue.