The security process covers:

• crates/mdstar-core
• crates/mdstar-render-terminal
• crates/mdstar-render-html
• crates/mdstar-cli
• crates/mdstar-ffi
• crates/mdstar-app

Please report security issues privately to maintainers. Do not open a public issue for active vulnerabilities.

When reporting, include:

• affected component and version/commit,
• reproduction steps,
• impact assessment,
• optional mitigation suggestions.

• Initial response: within 72 hours.
• Triage decision: within 7 days.
• Patch timeline: depends on severity and complexity.

• We prioritize fixes for parser, rendering, and integration boundaries.
• We may publish advisories after fixes are available.
• Credit will be provided unless anonymous disclosure is requested.