# Security Policy

webtransport-go is an implementation of the WebTransport over HTTP/3 protocol. No software is perfect, and we take reports of potential security issues very seriously.

## Reporting a Vulnerability

If you discover a vulnerability that could affect production deployments (e.g., a remotely exploitable issue), please report it [**privately**](https://github.com/quic-go/webtransport-go/security/advisories/new).
Please **DO NOT file a public issue** for exploitable vulnerabilities.

If the issue is theoretical, non-exploitable, or related to an experimental feature, you may discuss it openly by filing a regular issue.

## Reporting a non-security bug

For bugs, feature requests, or other non-security concerns, please open a GitHub [issue](https://github.com/quic-go/webtransport-go/issues/new).