Arden follows a rolling support model:
master: supported for security fixes- Latest tagged release (
v*): supported for security fixes - Older releases: best effort only
Please do not open public GitHub issues for potential vulnerabilities.
Report privately via GitHub Security Advisories:
- Open the repository's Security tab.
- Click Report a vulnerability.
- Provide:
- affected version/commit
- impact and attack scenario
- minimal reproduction (if possible)
- proposed mitigation (optional)
- Initial triage response: within 3 business days
- Remediation plan/decision: within 7 business days
- Fix release timing: depends on severity and exploitability
Coordinated disclosure is preferred. We will credit reporters unless anonymity is requested.