If you discover a security vulnerability in flutter_xray, please report it privately instead of opening a public issue.

Send an email to the repository maintainers with the following information:

• A description of the vulnerability
• Steps to reproduce it
• The version of the plugin where you found it
• Any possible mitigations you are aware of

We will respond as soon as we can and work with you to verify and fix the issue before any public disclosure.

This policy covers the flutter_xray plugin code, its Dart API, and the native wrappers. It does not cover Xray-core itself. If you find a bug in the underlying Xray engine, please report it to the Xray-core project.