Security fixes are applied to the current major version line. Please upgrade to the latest patch release to receive security updates.

We take the security of SepaPaymentBundle seriously. If you believe you have found a security vulnerability, please report it privately.

Do not report security vulnerabilities through public GitHub issues.

Please send details to: hectorfranco@nowo.tech

Include the following information:

• Type of issue (e.g., injection, XSS, auth bypass, deserialization risk, etc.)
• Full paths of source file(s) related to the issue
• Affected version/tag/commit (or direct URL)
• Any special configuration required to reproduce
• Step-by-step reproduction instructions
• Proof-of-concept or exploit code (if possible)
• Impact and possible attacker scenario

• Initial response: within 48 hours
• Status update: within 7 days
• Resolution: depends on complexity and impact

• We confirm receipt of your report.
• We validate and triage the issue.
• We develop and release a fix as soon as possible.
• We coordinate disclosure with the reporter.
• We can acknowledge responsible disclosure publicly (if desired).

We prefer communications in English or Spanish.

• Maintainer: Héctor Franco Aceituno
• Organization: nowo-tech