Security fixes are applied to the current maintained release line only.

| Version | Supported |
|---|---|
| 1.8.x | ✅ |
| < 1.8 | ❌ |

For current package and release history, see:

If you discover a security issue in Evalanche, report it privately through GitHub Private Vulnerability Reporting / GitHub Security Advisories for this repository.

Do not open a public GitHub issue for security vulnerabilities.

Please include:
- affected version
- impacted module, dependency, or execution surface
- reproduction steps or proof of concept
- severity and likely impact
- any known mitigation or suggested fix

What to expect:
- acknowledgement within 72 hours
- initial triage or follow-up within 7 days
- coordinated disclosure after a fix or mitigation is available

Security fixes are expected to ship on the active release line, with notes captured in the release docs when appropriate.