Security fixes are provided for the latest released version of sonacli.
Pre-release versions, including release candidates, may receive fixes at the maintainer's discretion and are not guaranteed long-term support.
Do not report security vulnerabilities through public GitHub issues.
Report vulnerabilities privately through GitHub's private vulnerability reporting feature for this repository. If private reporting is unavailable, contact the maintainer directly.
Include the following details where possible:
- A clear description of the issue
- The affected version or commit
- Steps to reproduce
- The potential impact
- Any suggested remediation
The maintainer will try to:
- Acknowledge receipt within a few days
- Triage and validate the report
- Prepare a fix if the issue is confirmed
- Coordinate disclosure after a fix is available
Please allow time for investigation and remediation before public disclosure.