Until 1.0.0, only the latest minor release is considered supported.
Do not disclose vulnerabilities publicly before a fix is available.
Send reports to security@saazip.dev with:
- affected version
- impact summary
- reproduction steps
- proof-of-concept or logs when available
We aim to acknowledge reports within 3 business days and provide remediation guidance as soon as triage is complete.