Security updates apply to the latest released version (vX.Y.Z) and the main branch.

If you discover a vulnerability:

• Do not open a public issue.
• Email: astar-development@outlook.com (or use GitHub Security Advisories)
• Provide: affected area(s), steps to reproduce, impact, and suggested fix if known.

We aim to acknowledge within 48 hours and provide a remediation plan (or fix) within 14 days for critical issues.

We follow a coordinated disclosure model. We’ll work with you to validate and remediate, then publish an advisory and credits (if you want).