| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |

Only the most recent release receives security updates.

Please do not open a public GitHub issue for security vulnerabilities.
Instead, use GitHub Private Vulnerability Reporting to submit your report confidentially.

Please include the following in your report:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

After you submit a report, you can expect:

- Acknowledgement within 72 hours
- Status update within 7 days with an initial assessment
- Coordinated disclosure — we will work with you to agree on a disclosure timeline, typically 90 days from the initial report

This policy covers the Scriptoria codebase and its official distribution channels. Vulnerabilities in third-party dependencies should be reported to their respective maintainers.

We accept vulnerability reports in English or Italian.