projection is pre-1.0 software. During the alpha phase, only the latest
minor release line receives security fixes.
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
| < 0.1.0 | ❌ |
Please do not open a public GitHub issue for security vulnerabilities.
Report security issues privately using GitHub's private security advisory feature:
https://github.com/projection-operator/projection/security/advisories/new
Include as much detail as you can — reproduction steps, affected versions, and the impact you observed. Proof-of-concept code is welcome but not required.
We aim to respond within 5 business days and provide a fix or mitigation timeline within 14 days. If the issue is urgent, please note that in the advisory.
We follow coordinated disclosure. Once a fix is available and released, the advisory will be published publicly. If you consent, we'll credit you by name (or handle) in the release notes and the published advisory.