Only the latest stable release of carnaval is actively supported for security updates:

Please do not open a public GitHub issue for security vulnerabilities.

If you discover a security vulnerability (such as a flaw in vault encryption, data leakage, or dependency issues), please report it responsibly by contacting the maintainer via email at:

carnaval.oss@gmail.com

Please include:

• A detailed description of the vulnerability.
• Steps to reproduce the issue (ideally with a minimal Python script or text file).
• Potential impact and security implications.

We will acknowledge receipt of your report within 48 hours and work with you to analyze, fix, and coordinate a release addressing the issue.