Security fixes are provided for the latest stable release line.
| Version | Supported |
|---|---|
| latest | ✅ |
Please do not disclose security issues publicly in GitHub issues, discussions, or pull requests.
Report vulnerabilities privately by email:
Please include as much of the following as possible:
- Vulnerability type and impacted component(s)
- Steps to reproduce or proof of concept
- Potential impact and attack prerequisites
- Suggested remediation (optional)
- Your preferred contact details
- We acknowledge receipt of valid reports within 3 business days.
- We investigate and validate the issue.
- We work on remediation and coordinate release timing.
- We notify the reporter when a fix is available.
We follow responsible disclosure and request that reporters avoid public disclosure until a fix is released.
If you act in good faith, avoid privacy violations and service disruption, and do not exfiltrate data, we will not pursue legal action for your research.