Security fixes are applied on a best-effort basis to the active development line in this repository.

Please report vulnerabilities privately and do not open public issues for active security findings.

Provide:

• Affected component and version/commit.
• Reproduction steps or proof-of-concept.
• Impact assessment (confidentiality/integrity/availability).
• Suggested mitigation if available.

• GitHub Security Advisory: Open a private security advisory on this repository (preferred).
• Email: security@viperhttp.dev

• Initial triage target: within 5 business days.
• Confirmed issues receive a mitigation plan and patch timeline.
• Coordinated disclosure is preferred after a fix is available.