This project is pre-1.0 and under active development.

• Supported: latest main branch commit
• Not supported: older commits, forks, and unpublished local builds

Please do not open a public issue for security vulnerabilities.

Use GitHub's private reporting flow instead:

1. Go to the repository Security tab.
2. Select Report a vulnerability.
3. Include:
   • affected crate(s) and file(s)
   • reproduction steps / proof of concept
   • impact and threat model assumptions
   • suggested fix (if available)

If private reporting is unavailable, contact the maintainer via GitHub profile contact details and include [SECURITY] in the title.

• Initial triage response target: within 5 business days
• Status update target: every 7 business days while open
• Fix timeline depends on severity and release constraints

• Coordinate disclosure with maintainers.
• Avoid publishing exploit details before a fix or mitigation is available.
• Credit reporters in release notes unless anonymity is requested.