Security fixes are handled on the latest release and the current main branch. Older releases may receive fixes when the affected code is still relevant and a safe backport is practical.

Please do not open a public issue with exploit details, private terminal captures, credentials, or sensitive environment information.

Use GitHub private vulnerability reporting for this repository when available. If private reporting is not available, open a minimal public issue asking for a security contact and omit technical details until a private channel is arranged.

Useful reports include:

• Affected PrismTTY version or commit.
• Operating system and terminal environment.
• The smallest synthetic input or config that reproduces the issue.
• Expected and observed behavior.
• Impact assessment, especially whether the input crosses a trust boundary such as remote terminal output, local config parsing, release packaging, or trace file creation.

PrismTTY is often used around network devices and administrative shells. Do not attach real device captures, private hostnames, customer names, IP inventories, credentials, or trace files from sensitive sessions. Reduce reports to synthetic examples that preserve only the token shape needed to reproduce the issue.