Security: PythonWoods/structum

Security Policy

Supported Versions

Structum adheres to a "Lockstep Versioning" policy. Security updates are provided for the latest minor version of the framework.

| Version | Supported |
| ------- | --------- |
| 0.1.x   | Yes       |
| < 0.1   | No        |

Reporting a Vulnerability

We take the security of Structum seriously. If you discover a security vulnerability, please follow these steps:

  1. Do NOT open a public issue on GitHub.
  2. Email our security team at security@structum.dev (or the maintainer's primary contact).
  3. Include a detailed description of the vulnerability, steps to reproduce, and potential impact.

We will acknowledge your report within 48 hours and provide an estimated timeline for a fix.

Security Features

Structum is designed with security in mind:

  • Zero External Dependencies (Core): Reduces supply chain attack surface.
  • Output Neutralization: All logging and error handling is designed to prevent leaking sensitive data (secrets, PII) by default.
  • Secure Defaults: Configuration validation is strict ("Fail Fast") to prevent misconfigured deployments.

There aren’t any published security advisories