Security Policy Supported Scope main branch most recent tagged release Reporting a Vulnerability Use GitHub Security Advisories (Security tab -> Report a vulnerability) for private disclosure. Include affected commit/tag, reproduction steps, expected impact, and proposed mitigation if available. Do not open public issues for unpatched vulnerabilities. Response Targets initial triage: within 5 business days remediation for confirmed high/critical issues: next patch release window