Security fixes are prioritized for the current development line on main and the latest published release on PyPI.

Please do not open public issues for suspected vulnerabilities.

Instead, report privately using one of these channels:

1. GitHub Security Advisories (preferred):
   • Go to the repository Security tab and create a private advisory.
2. Email:
   • team@hypertrial.ai

Include:

• A clear description of the issue and potential impact.
• Reproduction steps or proof-of-concept details.
• Any known affected versions.

• Initial acknowledgment: within 3 business days.
• Status update: within 7 business days.
• Remediation timeline: communicated based on severity and complexity.

• Please allow maintainers time to investigate and patch before public disclosure.
• Once fixed, we will document the change in CHANGELOG.md and release notes.