We support security fixes for the latest released version and the master branch.

If you believe you’ve found a security vulnerability, please do not open a public GitHub issue.

Instead, report it privately using one of the following:

• Go to: Security → Advisories → Report a vulnerability
• Provide as much detail as possible (see “What to include” below).

• Email: mklmfernando@gmail.com

Please include:

• A clear description of the issue and potential impact
• Steps to reproduce (proof-of-concept if available)
• Affected versions/branches
• Any suggested fix or mitigation (if you have one)

We aim to:

• Acknowledge receipt within 3 business days
• Provide a status update within 7 business days
• Release a fix as soon as practical based on severity and complexity

We follow coordinated disclosure practices. Please allow reasonable time to investigate and remediate before any public disclosure.

Security fixes may be released as:

• Patch releases
• Advisory notes (GitHub Security Advisory)
• Changelog entries (when appropriate)

Thank you for helping keep this project and its users safe.