| Version | Supported |
|---|---|
main (pre-release) |
✅ |
Once stable releases are published this table will list supported version ranges.
Please do not open a public GitHub Issue for security vulnerabilities.
Report security issues privately via GitHub Security Advisories.
You can also reach the maintainers at the addresses listed in MAINTAINERS.md.
- Description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept (if available)
- Affected versions
- Any suggested mitigations
| Action | Target |
|---|---|
| Initial acknowledgement | 48 hours |
| Status update | 7 days |
| Patch / mitigation | 90 days |
We follow responsible disclosure. We will coordinate a public disclosure date with you.
go-semrel may explore applying for CNCF Sandbox status in the future. No application has been made. This section will be updated if that changes.
No formal security audit has been conducted yet. This section will be updated when one is completed.