For the protection of our community, the Pkl team does not disclose, discuss, or confirm security issues until our investigation is complete and any necessary updates are generally available.
If you have discovered a security vulnerability within the Pkl LSP project, please report it to us. We welcome reports from everyone, including security researchers, developers, and users.
Security vulnerabilities may be reported on the Report a vulnerability form. When submitting a vulnerability, select "Apple Devices and Software" as the affected platform, and "Open Source" as the affected area.
For more information, see https://pkl-lang.org/security.html.