Security: overFloweee/OJ-evaluate-cloud

SECURITY.md

Security Policy

OJ Evaluate Cloud includes code submission and code sandbox execution workflows. These areas are security-sensitive and should be reviewed carefully before production use.

Supported versions

This project is currently early-stage. Security reports are accepted for the latest code on the master branch.

Reporting a vulnerability

If you find a vulnerability, please do not publish exploit details in a public issue before the maintainer has time to review it.

Preferred reporting options:

  1. Open a GitHub issue with limited public detail and mark it as a security concern.
  2. If private contact is available on the maintainer profile, send details privately.

Please include:

  • Affected module or service.
  • Reproduction steps.
  • Expected impact.
  • Suggested mitigation, if known.

Areas that need extra care

  • Code sandbox isolation.
  • Command execution and file system access.
  • User authentication and session handling.
  • Problem input/output validation.
  • Judge queue and message acknowledgement.
  • Secrets in configuration files or logs.

Production warning

This project is intended for learning and open-source development. Before using it in a public production environment, review sandbox isolation, network restrictions, container permissions, resource limits, and secret management.

There aren't any published security advisories