We take security seriously and are committed to ensuring the safety of our users.

If you discover a security issue in the Legion API, please report it privately via our security advisories page. Do not report security vulnerabilities through public channels such as GitHub issues.

Upon receiving your report, we will triage the issue within 3 business days and work to resolve it as quickly as possible. We may follow up for more details.

Your efforts to responsibly disclose vulnerabilities are greatly appreciated. At this time, we do not offer a bug bounty program.

Thank you for helping us keep the Legion API secure!