| Version | Supported |
|---|---|
| 0.x | Yes |
| < 0.0 | No |
Pre-1.0 projects: only the latest minor is supported.
Do not open a public GitHub issue for security vulnerabilities.
Report privately via one of:
- GitHub Security Advisories (preferred)
- Email hello@urmzd.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Acknowledgment within 48 hours
- Initial assessment within 1 week
- Fix target within 90 days of confirmation
Contributors who responsibly disclose vulnerabilities will be credited in the release notes unless they prefer to remain anonymous.