Security

SECURITY.md

Security Policy

Supported versions

Security fixes are applied to the latest released version.

Reporting a vulnerability

Please do not open public issues for suspected vulnerabilities.

Use private reporting via GitHub Security Advisories:

Repository -> Security -> Advisories -> Report a vulnerability

Include:

affected version
reproduction steps
impact assessment
any proposed mitigation

Response targets

Initial response: within 72 hours
Triage decision: within 7 days

There aren’t any published security advisories