This is a personal website. Only the latest deployed version is actively maintained.

If you discover a security vulnerability, please do not open a public GitHub issue.

Instead, use one of the following:

• GitHub Private Vulnerability Reporting — preferred. Use the Report a vulnerability button on the Security tab.
• Email — frances@francescoronel.com

Please include:

• A description of the vulnerability
• Steps to reproduce
• Potential impact
• Any suggested fixes (optional)

I aim to respond within 72 hours and will keep you updated as the issue is investigated and resolved.

In scope:

• francescoronel.com and all subdomains
• API routes (/api/*)
• Any disclosed data or credentials

Out of scope:

• Third-party services (Buttondown, Vercel, Cal.com, Slack)
• Denial of service attacks
• Social engineering

Thank you for helping keep this site secure.