We provide security updates for the latest released main branch and the most recent tagged release.

Please report security issues privately.

1. Email: security@dopetask.dev
2. Include a clear description of the vulnerability, impact, and reproduction steps.
3. Share any proof-of-concept in a private channel only.

1. Acknowledgement within 3 business days.
2. Initial triage outcome within 5 business days after acknowledgement.
3. Ongoing status updates at least weekly until resolution or mitigation guidance is published.

The following are treated as security vulnerabilities:

1. Confidentiality, integrity, or availability compromise.
2. Supply chain compromise in dependencies or build/release pipeline.
3. Determinism compromise that could alter packet execution outcomes or artifact trust.

Do not open public GitHub issues for unpatched vulnerabilities.