Only the latest 0.x release receives security fixes during preview.

Do not file public issues for vulnerabilities. Contact the maintainer privately through the GitHub repository owner profile or use GitHub private vulnerability reporting if enabled.

This repository contains developer guidance, schemas, examples, and validation scripts. Security-sensitive Widget Workshop host runtime issues should be reported against the host application repository as well, especially if they involve Host API permission checks, WebView2 isolation, file tokens, fetch policy, or shell operations.