Security fixes are applied to the latest mainline version in this repository.
- Do not open a public issue for unpatched vulnerabilities.
- Provide:
  - impact summary
  - reproduction steps
  - affected files or endpoints
  - proposed mitigation (if available)
- Use private contact channels defined by project maintainers.

- policy-as-code configs under security/
- dependency and SBOM tooling under scripts/
- release preflight and guardrails integrated in CI workflows