Sentilook currently treats the latest v0.2.x line as the active maintenance
target. Older versions may receive fixes at maintainer discretion only.
Do not open a public issue for suspected vulnerabilities, secret exposure, or unsafe masking behavior.
Preferred process:
- Use GitHub private vulnerability reporting when it is enabled for the repository
- If private reporting is not available, contact the maintainers through a private channel before any public disclosure
Include:
- affected version or commit
- operating system and reproduction steps
- sanitized proof of concept
- expected impact
- whether raw secrets may have been exposed
- initial acknowledgement within 5 business days
- status update after triage
- coordinated disclosure after a fix is ready
- general usage questions
- feature requests
- non-sensitive troubleshooting
For those topics, use SUPPORT.md.