Campos is currently in beta (pre-1.0). Security fixes are handled on a best-effort basis for the latest unreleased work on main and the latest published beta versions. Older pre-release versions are not supported.

Please do not open public GitHub issues for suspected security problems.

Instead, report vulnerabilities privately by emailing:

• rahulkeerthi2@gmail.com

Please include:

• a clear description of the issue
• affected package or route
• reproduction steps or a proof of concept
• any suggested mitigation, if you have one

You can expect:

• acknowledgement of receipt
• a follow-up once the report has been reviewed
• coordination on disclosure timing when the report is valid

If the report affects a published package, the fix will be released in a new version rather than by modifying an existing published version.