Security

SECURITY.md

Security Policy

Supported Versions

Security fixes are provided on a best-effort basis for:

the latest release/tag
the main branch

Older versions may not receive patches.

Reporting a Vulnerability

Please do not report security vulnerabilities in public GitHub issues.

Use one of these options:

Open a private GitHub Security Advisory for this repository (preferred).
If private advisories are not available, open a normal issue and request a private contact channel without disclosing exploit details.

What to Include

affected version / commit
impact summary
reproduction steps or proof of concept
any suggested mitigation

Response Expectations

Maintainers will triage reports on a best-effort basis and may ask for follow-up details before confirming severity or remediation timelines.

There aren’t any published security advisories