Hexloom currently supports the latest release line published from main.

If you discover a security issue, do not open a public GitHub issue.

Instead:

1. Prepare a short write-up with the affected area, reproduction steps, and impact.
2. Send the report privately through GitHub Security Advisories if available for the repository.
3. If GitHub Security Advisories are unavailable, contact the maintainer directly before public disclosure.

Please include:

• affected endpoint or file
• attack preconditions
• proof of concept or reproduction steps
• suggested mitigation if known

• Initial triage target: within 7 days
• Fix timeline: depends on severity and reproducibility
• Public disclosure: after a fix or mitigation is available