If you have identified a security vulnerability in the oci-delta project, please do not report the issue publicly via GitHub issues, mailing lists, etc. Instead, use GitHub's private security vulnerability reporting feature by pressing the "Report a vulnerability" button on the repository's security page or privately contact one or more of the maintainers.

All security vulnerabilities will be disclosed in the next release after they are fixed.

Each report is acknowledged and analyzed as soon as is practicable given that oci-delta is maintained by a few volunteers.

As the security report moves toward an identified fix and release, the maintainers will keep the reporter updated.