We plan to support the latest tagged release and the main branch. Older releases might receive critical patches at the maintainers' discretion.

Please email security reports to avivsinai@gmail.com with:

• A description of the vulnerability and potential impact.
• Steps to reproduce or proof-of-concept code.
• Any known mitigations or workarounds.

We aim to acknowledge new reports within 3 business days and provide a status update within 7 business days. Responsible disclosure is appreciated; we will coordinate a release window before publishing details.

English is preferred for security reports. Let us know if translation support is needed.

We will credit reporters in release notes if they wish. Public disclosure should only happen after a fix has shipped or by mutual agreement.