Only the latest release of Specorator receives security fixes. Pre-release versions (e.g. v0.x.x-alpha) are not supported for security patches.

Please do not open a public GitHub issue for security vulnerabilities.

Report vulnerabilities privately via GitHub Security Advisories.

Include as much detail as possible:

• a description of the vulnerability and its potential impact;
• steps to reproduce or a proof-of-concept;
• affected versions;
• any suggested mitigations if known.

You can expect an acknowledgement within 5 business days and a resolution timeline within 30 days for confirmed vulnerabilities, depending on severity and complexity.