The latest main branch is the supported target for security fixes.

| Version | Supported |
|---|---|
| latest (main) | Yes |
| older commits | No |

Do not report vulnerabilities publicly.
Use one of these private channels:
- GitHub Security Advisories for this repository
- Private maintainer security contact configured for this project
- clear description of impact
- affected area (for example: policy, orchestration, GitHub adapter, docs workflow)
- reproducible steps
- proof of concept (if available)
- suggested mitigation (optional)
- secret handling and masking
- token scope and least-privilege permissions
- unsafe or destructive automation paths
- authorization and guardrail bypasses
- injection risks from untrusted input
- sensitive data exposure in logs/reports
- acknowledgement target: within 72 hours
- triage update target: within 7 days
- remediation timeline depends on severity and exploitability
Critical issues are prioritized.
This project follows coordinated disclosure:
- private validation and triage
- fix preparation and review
- advisory publication when appropriate
- reporter credit unless anonymity is requested