Security Policy

Supported Versions Security updates apply to the latest MAJOR version.

Reporting a Vulnerability If you discover a vulnerability:

1. Do not open a public issue
2. Email the maintainers privately
3. Include:
   • Description
   • Steps to reproduce
   • Impact assessment

You will receive acknowledgment within 72 hours.

Disclosure Policy

• Responsible disclosure is required
• Fixes are prepared before public announcement
• Contributors may be credited unless anonymity is requested