css-inline provides security updates only for the latest minor version.

To report a security vulnerability in css-inline:

1. Email your findings to dmitry@dygalo.dev.
2. Provide a detailed description of the vulnerability and steps to reproduce it.
3. If possible, include a suggested fix or mitigation.

You can expect an initial response within a few days of your report.

There is no formal process for disclosing fixed vulnerabilities. Updates will be released as part of regular patch versions, and significant security fixes will be noted in the release notes.

Thank you for helping keep css-inline and its users safe!