| Version | Supported |
|---|---|
| Latest | ✅ Active |
If you discover a security vulnerability, please report it through GitHub's private vulnerability reporting.
Please do not:
- Open public issues for security vulnerabilities
- Disclose vulnerabilities publicly before they are addressed
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- Initial response: Within 5 business days
- Status update: Within 10 business days
- Resolution target: Depends on severity
We follow coordinated disclosure. Once a fix is released, we will:
- Publish a security advisory
- Credit the reporter (unless they prefer anonymity)
- Release patched versions