| Version | Supported |
|---|---|
| Latest | Yes |
| < Latest | No |
Only the latest release receives security updates. We recommend always using the most recent version.
Do NOT open a public issue for security vulnerabilities.
Use GitHub Security Advisories to privately report vulnerabilities. This creates a private channel between you and the maintainers.
DM via X / Twitter with:
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Suggested fix (if any)
| Stage | Target |
|---|---|
| Acknowledgment | Within 48 hours |
| Initial assessment | Within 7 days |
| Patch development | Within 30 days |
| Public disclosure | Within 90 days of report |
We follow a 90-day coordinated disclosure policy. If a fix is ready sooner, we'll disclose sooner.
We credit reporters in:
- Release notes
- Security advisory
- CVE entries (when applicable)
If you prefer to remain anonymous, let us know in your report.
This policy covers the create-vllnt-app CLI and its source code in this repository. Third-party dependencies are out of scope — report those to their respective maintainers.
Maintained by bntvllnt