Security fixes are applied to the latest maintained release line only. Older release lines may remain unpatched.
Do not open a public issue for security reports.
Use GitHub's private vulnerability reporting for this repository:
https://github.com/nullbio/cbor-php/security/advisories/new
If private reporting is unavailable, contact the repository owner privately via GitHub.
Include:
- A clear description of the issue
- Steps to reproduce it
- The affected version or commit
- Any proof-of-concept code or sample payloads
Confirmed vulnerabilities will be fixed privately first, then disclosed through GitHub Security Advisories when a patched release is available.