Only the latest release on the default branch is actively supported with security fixes.

Please do not report security vulnerabilities in public issues.

Use one of these channels:

1. Preferred: GitHub Security Advisories (private vulnerability reporting)
2. Fallback: Contact repository maintainers through direct channels listed in the repository profile

Please include:

• A clear description of the issue and impact
• Reproduction steps or proof of concept
• Affected component(s) and version/commit
• Any known mitigations

• Initial acknowledgment: within 3 business days
• Triage decision: within 7 business days
• Fix timeline: depends on severity and complexity

• We follow coordinated disclosure.
• After a fix is available, we will publish a security advisory with mitigation details and affected versions.