LoongClaw is pre-1.0. Security fixes are applied on the default branch (main) and in the latest release line.

Please do not disclose vulnerabilities in public issues or pull requests.

Use GitHub private vulnerability reporting:

• Go to the repository Security tab.
• Use Report a vulnerability.

Include:

• affected component(s)
• impact and severity estimate
• reproduction steps or PoC
• suggested remediation if available

• Initial acknowledgement: within 3 business days.
• Triage and severity classification: within 7 business days.
• Fix timeline: depends on severity and exploitability.

After a fix is available, maintainers will coordinate disclosure notes and release guidance.