Only the latest release tag is supported. Fixes will land on main and be cut as a new patch release; older tags will not be back-patched.

Please do not open a public GitHub issue for security problems.

Email Avicennasis@gmail.com with:

• A description of the issue.
• Steps to reproduce (or a proof-of-concept).
• The version or commit SHA you found it against.
• Any suggested mitigation if you have one.

Expect an acknowledgement within a week. This is a side-project — there is no bug bounty and no SLA — but security issues are taken seriously and a fix and disclosure will be coordinated with you.

• Issues in upstream dependencies (report upstream).
• Misconfiguration by consumers of this project.