Pre-v1.0.0 releases receive security fixes on a best-effort basis. After v1.0.0, the current minor release will receive security fixes.

Please do not open a public GitHub issue for security vulnerabilities.

Report vulnerabilities privately via GitHub Security Advisories or by emailing mridang.agarwalla@gmail.com.

Include:

• A description of the vulnerability and its potential impact
• Steps to reproduce or a proof-of-concept (if available)
• The version(s) affected

We aim to acknowledge reports within 3 business days and to publish a fix within 30 days for confirmed vulnerabilities.