Replace this section with the supported versions for voicepath.
Example:
| Version | Supported |
| --- | --- |
| .x | Yes |
| < .0 | No |If the project does not publish versioned releases yet, say that clearly.
Please do not report suspected vulnerabilities in public issues, pull requests, or discussions.
Ask maintainers for the private security reporting path before sharing details.
If no private reporting path exists yet, ask maintainers through public project channels for a private reporting path. Do not include exploit details, secrets, personal data, or sensitive technical details in public messages.
When a private reporting path is available, include:
- A clear description of the issue.
- Affected versions, files, packages, workflows, or configuration.
- Steps to reproduce, proof of concept, or attack scenario when safe to share.
- Potential impact.
- Suggested mitigation, if known.
Maintainers review good-faith reports as capacity allows.
Do not imply paid support, guaranteed response times, guaranteed fixes, or service-level agreements unless voicepath explicitly provides them.
In scope:
- Vulnerabilities in voicepath.
- Insecure default configuration shipped by this project.
- CI, release, or dependency guidance maintained by this project.
Out of scope:
- General support requests.
- Requests for guaranteed maintenance timelines.
- Issues in unrelated downstream projects.
Coordinate disclosure with maintainers before publishing vulnerability details.
Do not include provider API keys in issues, fixtures, telemetry snapshots, or examples. Use mock providers for reproduction cases whenever possible. See SAFETY.md for the local-first operating model.