Security fixes are applied to the main branch and included in the next release.
| Version | Supported |
|---|---|
latest main |
Yes |
| older tags/releases | Best effort |
Please do not open public issues for suspected vulnerabilities.
Use GitHub Security Advisories (private reporting):
If private advisory reporting is unavailable, open a minimal issue without exploit details and request a private contact channel.
- Affected component or file path
- Reproduction steps or proof of concept
- Impact assessment (confidentiality/integrity/availability)
- Suggested mitigation if known
- Initial acknowledgment: within 72 hours
- Triage and severity assessment: as soon as practical
- Fix timeline: based on severity and complexity