Security

SECURITY.md

Security Policy

Supported versions

Security support is provided for the default branch (main) and the latest published release tag.

Reporting a vulnerability

Please do not report security vulnerabilities in public issues.

Use one of these private channels:

Contact repository owners/maintainers directly via GitHub.
If available in your organization, use private security reporting.

Include as much detail as possible:

Affected files/modules
Reproduction steps
Impact assessment
Suggested mitigation (if known)

Response targets

Initial acknowledgment: within 7 days
Triage decision: as soon as practical after reproduction
Fix and disclosure timeline: coordinated with maintainers based on severity

Scope

This policy applies to RTL, tooling scripts, CI configuration, and project infrastructure in this repository.

There aren’t any published security advisories