Security

SECURITY.md

Security Policy

Supported Versions

Security fixes are applied to the latest mainline version.

Reporting a Vulnerability

Please do not open public issues for vulnerabilities.

Report privately with:

affected component(s)
reproduction steps
impact assessment
suggested mitigation (optional)

Use the contact channel in SUPPORT.md.
If you already have maintainer contact details, use them directly.

Response Targets

Initial acknowledgment: within 72 hours
Triage/update: as soon as reproducible
Fix timeline: depends on severity and exploitability

Disclosure

Please allow time for a fix before public disclosure.

There aren’t any published security advisories