Unless a repository states otherwise, Glowing Pixels UG projects are maintained on the default branch and the latest published release.

If you find a security vulnerability, please report it privately to: security@glowing-pixels.com

Do not open public issues for security vulnerabilities.

If the target repository has GitHub private vulnerability reporting enabled, you may also use the repository's Security tab to open a private advisory.

Please include:

• affected package, version, branch, or commit
• clear description and impact
• reproduction steps or proof of concept
• relevant logs, stack traces, or screenshots with secrets redacted
• suggested fix or mitigation, if available

Security updates will be released as patches to supported versions.

• We will acknowledge receipt of your report within 48 hours
• We will provide a status update within 7 days
• We will keep you informed of the progress toward fixing the vulnerability
• We will notify you when the vulnerability has been fixed