If you discover a security vulnerability in Sabermatic, please report it privately:

• Preferred: Open a private security advisory on GitHub.
• Alternative: Email security@spanda.llc.

Please do not open a public issue for security vulnerabilities.

We aim to acknowledge reports within 3 business days. Coordinated disclosure is appreciated.