Security Policy Supported Versions Version Supported v1.0.x Yes < v1.0.0 No Reporting a Vulnerability Do not open public issue for active secret leakage or exploit chain. Contact maintainers with: Repro steps Affected version/commit Impact and suggested mitigation Maintainers will acknowledge within 3 business days. Secret Handling Baseline Never commit real tokens/keys/passwords. Never commit private IP/domain/tenant identifiers from production. Run python3 tools/sanitize_check.py --root . before every release tag.