The current main branch and the latest tagged release receive security fixes.
Please open a private vulnerability report on GitHub if available. If private reporting is not available yet, open an issue with a minimal description and avoid posting exploit details publicly.
Include:
- affected command or workflow
- input that triggers the problem
- expected impact
- suggested fix, if known
Security-related reports should receive an initial response within seven days. Fixes should be handled with small, reviewable commits and release notes that explain the user-visible impact without exposing unnecessary exploit detail.