Security fixes are provided on a best-effort basis for:

• The latest main branch
• The latest tagged release (when tags are published)

Older versions may not receive security fixes.

Please do not report security vulnerabilities in public GitHub issues.

Preferred reporting path:

• Use GitHub Security Advisories ("Report a vulnerability") for this repository, if enabled.

Fallback reporting path:

• Contact the repository maintainer (@bernardhu) directly via GitHub.

Please include:

• Affected version / commit
• Reproduction steps or proof of concept
• Impact assessment (confidentiality / integrity / availability)
• Any suggested remediation (if available)

• Initial acknowledgement target: within 7 business days
• Status updates: best effort during investigation and remediation

We prefer coordinated disclosure. Please allow time for validation and a fix before public disclosure.