Only the latest release on the main branch is actively supported with security updates.

We take security issues seriously. If you discover a vulnerability, please report it through GitHub Private Vulnerability Reporting:

1. Go to the Security Advisories page for this repository.
2. Click "Report a vulnerability".
3. Provide a clear description of the issue, steps to reproduce, and any potential impact.

Please do not open a public issue or pull request for security vulnerabilities. Public disclosure before a fix is available puts all users at risk.

• We will acknowledge your report within 7 business days.
• We will work with you to understand and validate the issue.
• Once a fix is ready, we will coordinate disclosure with you before making it public.
• Contributors who responsibly disclose vulnerabilities will be acknowledged (unless they prefer to remain anonymous).

This policy applies to the GutenOCR codebase hosted in this repository. Third-party dependencies are outside the scope of this policy, but we appreciate reports about vulnerable dependencies so we can update them promptly.