Security

SECURITY.md

Security Policy

Supported versions

Version	Supported
1.x	Yes
< 1.0	No

Reporting a vulnerability

Please report security issues privately. Include:

affected version/commit,
reproduction details,
potential impact,
any proof-of-concept (if available).

Do not open public issues for unpatched vulnerabilities.

Response targets

Initial triage: within 3 business days.
Status update: within 7 business days.
Fix timeline: based on severity and exploitability.

Disclosure process

Private report received and acknowledged.
Vulnerability reproduced and severity assigned.
Patch prepared and validated.
Coordinated disclosure after fix release.

There aren't any published security advisories