Skip to content

Security: halostatue/diff-lcs

SECURITY.md

diff-lcs Security

LLM-Generated Security Report Policy

Absolutely no security reports will be accepted that have been generated solely by LLM agents. There must be a human that confirms the issue.

Supported Versions

Security reports are accepted for the most recent major release, with a limited window of support after the initial major release.

  • Bug reports will be accepted up to three months after release.
  • Security reports will be accepted up to six months after release.

All issues raised must be demonstrated on the minimum supported Ruby version.

Important

Because diff-lcs 1 has been the only version for over twenty years, security reports will be accepted for one year after the release of diff-lcs 2.

Version Release Date Support Ends Security Support Ends
1.x 2010 2026-05-01 2027-02-01
2.x 2026-02-01 - -

Reporting a Vulnerability

Report vulnerabilities via the Tidelift security contact. Tidelift will coordinate the fix and disclosure.

Alternatively, create a private vulnerability report with GitHub.

There aren't any published security advisories