We provide security updates for the following versions of this project:
Version | Status | Notes |
---|---|---|
0.x.x | ✅ Supported | Receives all security fixes. |
If you believe you have found a security issue, please report it privately via GitHub Security Advisories. Do not open a public GitHub Issue or Pull Request.
- Go to: Report a vulnerability
We follow a responsible disclosure process. Reports will remain confidential until a fix is released and users have had a reasonable upgrade window.
We aim to acknowledge security reports as quickly as reasonably possible. Our first reply will confirm receipt and may request additional information or reproduction steps.
When possible, please include:
- Affected file(s) or function(s)
- Steps to reproduce the issue
- Impact assessment (e.g., RCE, XSS, DoS, data leakage)
- Proof-of-concept or patch (if available)
- Fixes are released as soon as reasonably possible for supported versions.
- If the main branch contains breaking changes, we will back-port the fix to the current stable branch and publish a patch release (e.g., `vX.Y.Z`).
- Release notes will describe the vulnerability (severity, impact, CVSS) without full exploit details until a reasonable upgrade window has passed.
We follow Coordinated Vulnerability Disclosure (CVD):
- Vulnerability reported privately.
- Maintainers develop and test a fix.
- Patch release and public advisory are published.
- Detailed technical information may be released later to allow users time to upgrade.