The latest tagged release on main is supported. Older versions receive fixes only on a best-effort basis.
Email security@techknowmad.ai with:
- Description of the issue (CVE if known)
- Affected version or commit SHA
- Reproduction steps or proof-of-concept
- Your contact info
We acknowledge within 48 hours and provide a remediation timeline within 7 days. Do not open public issues for security reports.
Coordinated disclosure: confirm the issue, ship a fix, then publicly disclose with credit.
Production deployments follow the TechKnowmad Platinum Repo Checklist:
- Branch protection on main (linear history, no force-push)
- Dependabot security updates enabled
- Secret-scanning push protection (where GHAS available)
- Pre-commit gitleaks + trufflehog
- Constitutional hook v5 on workstation (sandboxed agent execution)
Migrating to NIST FIPS 203/204/205 (ML-KEM, ML-DSA, SLH-DSA) by 2027.