If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public issue
- Use GitHub Security Advisories on the affected repository
- Or contact the maintainer directly
- Acknowledgment: Within 7 days
- Initial assessment: Within 14 days
- Fix (if confirmed): Best effort, typically within 30 days
Only the latest release of each repository receives security updates.
This policy applies to all repositories in this organization.