The OddBird team and community take security seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please open a private vulnerability report at https://github.com/oddbird/css-anchor-positioning/security/advisories/new.

While discovering new vulnerabilities is rare, we always recommend using the latest version to ensure your application remains as secure as possible.

This project follows semantic versioning principles. Security updates will be released for the latest major version. Maintainers will determine if security updates will be released for other versions, depending on the severity of the vulnerability and the usage of other versions.