causalrl is pre-1.0 research software. Security fixes are applied to the latest release on main only.

Please report security issues privately to raphaelrrcoelho@gmail.com rather than opening a public issue. Include a description, reproduction steps, and the affected version. You can expect an acknowledgement within a few days.

causalrl has no network surface and processes no untrusted input, so most reports will concern dependency or supply-chain vulnerabilities.