Please report security vulnerabilities via GitHub Security Advisories:
- Open a private security advisory
- For sensitive issues, contact the repository owner directly
Latest main branch. Older versions are not supported.
We follow coordinated disclosure with reporters. Once an issue is patched, an advisory will be published.
Rust projects in this org enforce a zero-advisory floor via cargo-deny.yml workflow (Monday cron + on-demand).
Static analysis runs Tuesday weekly via codeql-rust.yml workflow.