Security fixes are provided for the latest released minor line.
| Version | Supported |
|---|---|
| 0.1.x | Yes |
| < 0.1.0 | No |
Please report vulnerabilities privately through one of these channels:
- GitHub: use the repository's private vulnerability reporting (Security Advisories)
- Email: security@openspp.org
Do not open public issues for potential vulnerabilities.
- Affected version(s)
- Reproduction steps or proof of concept
- Impact assessment
- Suggested remediation (if available)
- Initial acknowledgment: within 3 business days
- Triage/update: within 7 business days
- Fix timeline: depends on severity and release constraints
We will coordinate disclosure timing with the reporter whenever possible.