# Security Policy

## Link to TeX Live Security Model

As described in the script documentation, the primary aim of `l3sys-query` is
to support system queries in the context of restricted shell escape from a TeX
run. Specifically, the script is intended to respect _restricted_ shell escape.

## Reporting a Vulnerability

Security vulnerabilities can be reported privately _via_ GitHub at
https://github.com/latex3/l3sys-query/security. Using this mechanism means that
the potential issue does not show in the public issues list, and will give the
team chance to review the report before it is made public.

Alternative, the LaTeX Team can be contacted by email:
latex-team@latex-project.org.