We aim to support the latest release on the default branch. Security fixes are applied there first; use tags/releases when we publish them for production deployments.
Please do not report security vulnerabilities through public GitHub issues.
Instead, report them privately using one of these channels:
- GitHub Security Advisories — Use the repository Security tab and Report a vulnerability if enabled for this repo.
- Email — Send details to security@example.com (replace with a monitored address for your organization).
Include:
- A description of the issue and potential impact
- Steps to reproduce (proof-of-concept if possible)
- Affected versions or commits if known
We will acknowledge receipt as soon as we can and work with you on a coordinated disclosure timeline before any public discussion.
Reports should concern this repository and its direct dependencies as used in this project. Third-party services are subject to their own disclosure processes unless we maintain the integration in a way that introduces the flaw here.