Security fixes are prioritized for the latest stable release.
| Version | Supported |
|---|---|
| Latest release | Yes |
| Older releases | Best effort |
Please do not report security vulnerabilities through public GitHub issues.
Use GitHub Private Vulnerability Reporting:
Include as much detail as possible:
- Affected version(s)
- Reproduction steps or proof-of-concept
- Impact assessment
- Suggested remediation (if known)
- Initial acknowledgment target: within 72 hours
- Triage/update target: within 7 days
- Fix timeline: depends on severity and release coordination
After validation, maintainers will coordinate remediation and release timing. We will credit reporters who want public acknowledgment.