Skip to content

Latest commit

 

History

History
32 lines (19 loc) · 1.19 KB

File metadata and controls

32 lines (19 loc) · 1.19 KB

Security Policy

Supported Versions

Security fixes are applied on a best-effort basis to:

  • main
  • the latest stable release tag

Pre-release tags may receive fixes when practical, but they should not be treated as long-term supported releases.

Reporting a Vulnerability

  • Use GitHub private vulnerability reporting from the repository Security tab whenever possible.
  • Do not open public issues, pull requests, or discussions for security vulnerabilities.
  • Include the affected area, impact, reproduction details, and any suggested remediation if you have it.

Repository security page:

If private vulnerability reporting is unavailable for any reason, contact the maintainer through GitHub directly and keep the report non-public.

What To Expect

  • Initial acknowledgement target: within 5 business days
  • Follow-up: status updates as triage and remediation progress
  • Disclosure: coordinated disclosure after a fix is available or mitigation guidance is ready

Out of Scope

General usage questions, feature requests, and non-security bugs should go through the normal support and issue channels described in SUPPORT.md.