Legolas is in early development. Security fixes are applied to the latest version on the default branch.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, use GitHub's private reporting flow:
When possible, include:
- a description of the issue
- affected file paths or commands
- steps to reproduce
- expected and actual behavior
- proof of concept or sample project
- impact assessment
We will review reports as quickly as possible and coordinate a fix before public disclosure when appropriate.