We actively provide security updates for the following versions of the SDK:

| Version | Supported |
|---|---|
| 1.1.x | ✅ |
| < 1.1.0 | ❌ |

Please do not report security vulnerabilities via public GitHub issues.
We take the security of our SDK seriously. If you believe you have found a security vulnerability, please use one of the following private channels:
The safest way to report a vulnerability is through GitHub's private reporting feature:
- Navigate to the Security tab of this repository.
- Select Advisories on the left sidebar.
- Click on Report a vulnerability.
This allows us to collaborate privately on a fix before disclosing the issue publicly.
Alternatively, you can reach out directly via email to: danlorb@velvet-lab.net.
- Acknowledgement: We will acknowledge receipt of your report within 48 hours.
- Investigation: We will investigate the issue and keep you informed of the progress.
- Fix & Disclosure: Once a fix is ready, we will coordinate a release and a public Security Advisory (CVE), giving credit to the reporter if desired.
Thank you for helping keep velvet-lab secure!