| Version | Supported |
|---|---|
| 0.0.x | ✅ |
| < 0.0.1 | ❌ |
Please report security vulnerabilities privately to:
Email: security@crkg.dev (placeholder — update before first public release)
Please include:
- A description of the vulnerability
- Steps to reproduce
- Affected versions
- Any known mitigations
We aim to acknowledge reports within 5 business days and provide a timeline for a fix within 10 business days.
We follow a coordinated disclosure process:
- Report received and acknowledged
- Issue triaged and severity assessed
- Fix developed and tested
- Fix released and advisory published
- Reporter credited (with permission)