Only the latest release on main is actively supported with security updates.

If you discover a security vulnerability, please report it responsibly. Do not open a public issue.

Email security@nicholasgriffin.dev with:

• A description of the vulnerability
• Steps to reproduce it
• Any relevant logs or screenshots

• Acknowledgement: within 48 hours
• Initial assessment: within 5 business days
• Fix or mitigation: as soon as practical, depending on severity

We will coordinate disclosure with you and credit reporters in the release notes unless anonymity is requested.