Security fixes are best-effort for:

• Latest release
• Current main branch

Older versions may not receive fixes.

Please do not open public issues for security bugs.

Preferred process:

1. Open a private GitHub security advisory for this repository.
2. Include reproduction steps, impact, and affected versions.
3. If available, include logs, crash reports, or proof-of-concept.

• Initial triage: within 7 days
• Status updates: as fixes are prepared
• Public disclosure: after a patch or mitigation is available