We apply security fixes to the latest release line.
| Version | Supported |
|---|---|
| Latest release | Yes |
| Older releases | No |
Please do not open a public issue for security vulnerabilities.
Use GitHub's private vulnerability reporting flow:
If private reporting is unavailable, contact the maintainer through the options listed on @jscraik's GitHub profile and include:
- Affected version and platform
- Reproduction steps or proof-of-concept
- Potential impact
- Any suggested mitigation
- Initial acknowledgment: within 5 business days
- Triage decision: within 10 business days
- Fix timeline: depends on severity and complexity
We will coordinate disclosure timing with reporters whenever possible.