| Version | Supported |
|---|---|
| latest | yes |
| < 1.0 | no |
Please do not open a public GitHub issue for security vulnerabilities.
Report them privately using one of these channels (in order of preference):
- GitHub private vulnerability reporting — click "Report a vulnerability" on the Security tab
- Email — contact the maintainer directly (check the repository profile)
- Description of the vulnerability and potential impact
- Steps to reproduce
- Affected versions
- Any suggested fix (optional)
| Milestone | Target |
|---|---|
| Acknowledgement | 48 hours |
| Initial assessment | 5 business days |
| Fix or mitigation | Depends on severity |
| Public disclosure | After fix released |
We follow responsible disclosure — we will coordinate a public advisory with you once a fix is available.