Security fixes are provided on a best-effort basis for the latest stable
branch and the latest published release.
| Version | Supported |
|---|---|
| latest release | yes |
stable |
yes |
| older releases | no |
Please report security issues privately.
- Preferred channel: GitHub Security Advisories.
- If advisory reporting is unavailable, contact the maintainer privately before publishing exploit details.
- Include:
- affected G3M version
- operating system and architecture
- reproducible steps
- impact assessment
- minimal proof of concept
- Initial acknowledgement: best effort within 72 hours.
- Triage and severity assessment: best effort within 14 days.
- Fix timeline depends on severity and reproducibility.
- G3M includes bundled tools and local file operations.
- Treat untrusted archives, mods, scripts, and external downloads as untrusted input.