Security

SECURITY.md

Security Policy

Supported Versions

Version	Supported
0.3.x	✅
< 0.3	❌

Reporting a Vulnerability

If you discover a security vulnerability, please report it privately by opening a GitHub Security Advisory.

Do not report security vulnerabilities via public GitHub issues.

You should receive a response within 48 hours. If you don't, follow up via the same channel.

What to include

Type of vulnerability
Steps to reproduce
Affected versions
Any potential impact

Disclosure Policy

Vulnerabilities are disclosed after a fix is released
We credit reporters in the release notes (with permission)
Critical issues get priority fixes and early disclosure to affected users

There aren't any published security advisories