Only the latest release receives security fixes. Update to the latest version before reporting.

Do not open a public GitHub issue for security vulnerabilities.

Report privately via GitHub: go to the Security tab and open a private advisory. Include:

• Description of the vulnerability
• Steps to reproduce
• Affected versions
• Suggested fix (if any)

You will receive a response within 5 business days. If the report is confirmed, a fix will be released as soon as possible and you will be credited in the changelog unless you request otherwise.

This policy covers the kwtsms/kwtsms PHP library only.

Out of scope:

• The kwtSMS gateway itself (kwtsms.com): contact kwtSMS support directly
• Vulnerabilities in third-party dependencies
• Issues in your own application code that uses this library