If you discover a vulnerability that could affect the security, integrity, or stability of the project, please follow the instructions below.
Do NOT create a public Issue for security vulnerabilities.
Instead, send a description of the problem to: 📧 2026.stell@gmail.com
Please include as much information as possible:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
I will try to respond within 48 hours and keep you informed on the progress.
Only the latest version from the main branch is currently supported.
| Version | Supported |
|---|---|
main (latest) |
✅ |
| Older branches | ❌ |
If a vulnerability is confirmed, I will release a fix as soon as possible. Information about the vulnerability will only be published after a fix is available. I ask security researchers to give me time to address the issue before public disclosure (coordinated disclosure).
This policy covers vulnerabilities in the core project code. Out of scope: third-party dependencies (please report those to their respective maintainers), general bugs that do not have a security impact.
Responsible disclosures will be acknowledged in the release notes (unless you prefer to remain anonymous).