The following versions of Conductor are currently being supported with security updates:

We take the security of Conductor seriously. If you believe you have found a security vulnerability, please report it to us responsibly.

Please do not report security vulnerabilities via public GitHub issues.

Instead, please use the following method:

GitHub Private Vulnerability Reporting: Use the "Report a vulnerability" button on the Security tab of this repository.

To help us address the issue quickly, please include:

• A descriptive title.
• A summary of the vulnerability.
• Steps to reproduce the issue (including any exploit code if applicable).
• Potential impact of the vulnerability.
• Any suggested fixes or mitigations.

When a security report is received, we will:

1. Acknowledge receipt of the report within 48 hours.
2. Investigate the issue and determine its severity and impact.
3. Work on a fix and validate it.
4. Release a new version with the fix and provide a security advisory.

We ask that you follow responsible disclosure practices and allow us a reasonable amount of time to address the issue before making any information public.