Katalyst is pre-1.0 and evolving quickly. Security fixes are applied to the latest release and main only.

Please do not open a public issue for security vulnerabilities.

Instead, report privately using GitHub's private vulnerability reporting (Security → Advisories → "Report a vulnerability"). If that is unavailable, email abegong@gmail.com with details.

Please include:

• a description of the issue and its impact,
• steps to reproduce or a proof of concept, and
• any suggested remediation.

You can expect an initial acknowledgement within a few days. We'll keep you updated on progress and coordinate a disclosure timeline with you.