The latest commit on main and the most recent tagged release receive security fixes. Older tags may be patched on a best-effort basis if the fix is low risk.

If you discover a security issue, please report it privately so we can address it quickly:

1. Email richard@richard-slater.co.uk with the subject line SECURITY: <short summary>.
2. Include the steps required to reproduce the issue and any proof-of-concept materials.
3. Do not open a public GitHub issue for security-sensitive problems.

You will receive an acknowledgement within 72 hours. Once the issue is validated, we will:

• Work with you on a fix and target release timeline.
• Credit you in the release notes if desired.

Thank you for helping keep Bromcom Timetable Formatter safe for everyone.