Only the latest released version is supported with security updates. Please make sure you are using the most recent release before reporting a vulnerability.

Please do not open a public issue for security vulnerabilities.

Instead, report vulnerabilities through GitHub Security Advisories.

• Acknowledgement within 72 hours of your report.
• Status update within 7 days with an initial assessment.
• A fix will be developed privately and released as a patch version.
• You will be credited in the release notes (unless you prefer otherwise).

• Description of the vulnerability
• Steps to reproduce
• Affected versions
• Any potential impact assessment

This policy covers the remote-store Python package and its official backends. Third-party backends or plugins are outside the scope of this policy.