The Benthos API follows a single-vendor open source model. We maintain the latest published version on the main branch. Earlier versions are not actively maintained.

If you discover a security vulnerability in this repository, please report it privately to security@benthos.ai.

Include:

• A description of the issue
• Steps to reproduce
• The version or commit affected
• Any proof-of-concept code

We aim to acknowledge reports within 5 business days and to issue a fix or coordinated disclosure within 90 days.

GitHub's private vulnerability reporting is enabled on this repository as an alternative channel.