At this juncture, only the latest version of the monad library is officially supported. Users are strongly urged to update to the latest release to benefit from ongoing improvements and security patches.

• Initial Contact: If you've discovered a vulnerability, please contact the maintainers via email at denisdubochevalier+monad-security@gmail.com Provide as many details as possible about the vulnerability, including steps to reproduce it if applicable.
• Confidentiality: Please do not disclose the vulnerability publicly until it has been resolved. We are committed to addressing security issues diligently, and will provide you with updates throughout the resolution process.
• Acknowledgment: Upon receipt of the report, an initial assessment will be conducted, and you'll receive an acknowledgment within 2-3 business days.
• Resolution & Disclosure: Once the vulnerability is verified and a fix has been implemented, an update will be released. Subsequently, the vulnerability can be publicly disclosed, and credit will be given in the release notes.

While we aim to provide a secure library, the following are outside the scope of our security policy:

• Vulnerabilities in dependencies that are not part of this library.
• Issues that require social engineering tactics (e.g., phishing).

For further questions or concerns about this policy, please contact denisdubochevalier+monad-security@gmail.com.