Rootprint is currently pre-1.0. Only the latest release receives security fixes until a 1.x line is cut.
Please do not open public GitHub issues for suspected security vulnerabilities.
Use GitHub's private vulnerability reporting flow for this repository when available:
Include as much detail as you can:
- affected version or commit
- impact and attack scenario
- reproduction steps or proof of concept
- any suggested mitigation if you have one
You can expect an initial response within 5 business days.
- We will acknowledge receipt and begin triage
- We may ask follow-up questions or request a private reproduction
- Once validated, we will prepare a fix and publish release notes when the patch is available
If a report is not security-sensitive, we may ask you to reopen it as a normal GitHub issue instead.