| Version | Supported |
|---|---|
| main | Yes — latest fixes |
| Tags | Best-effort — use the latest tag for production |

Older branches may not receive backports unless agreed with maintainers.

Please do not file a public GitHub issue for undisclosed security vulnerabilities.
Instead:
- Use GitHub private vulnerability reporting for this repository (if enabled by org settings), or
- Email or contact the CppAlliance / repository maintainers through an internal channel your organization documents for security.

Maintainers will acknowledge receipt as soon as practical, investigate, and coordinate a fix and disclosure timeline with you.

This policy covers the paperscout application code, Docker image, and GitHub workflows in this repository. Infrastructure (servers, PostgreSQL host hardening, Slack workspace policy) is out of scope here but should follow your organization’s security baseline — see deploy/SERVER_SETUP.md for deployment hardening notes.