We actively support security updates for the following versions:

If you discover a security vulnerability in this project, please report it responsibly. We appreciate your help in keeping our users safe.

• Do not create public GitHub issues for security vulnerabilities.
• Email us at Faye with details about the vulnerability.
• Include:
• A description of the vulnerability
• Steps to reproduce
• Potential impact
• Any suggested fixes (optional)

• We will acknowledge receipt of your report within 48 hours.
• We will provide regular updates on our progress (at least every 7 days) until the issue is resolved.
• We will credit you (if desired) once the vulnerability is fixed and publicly disclosed.
• We follow a 90-day disclosure timeline from the initial report.

• Once fixed, we will publish a security advisory on GitHub.
• We will not disclose vulnerability details until a fix is available.
• We encourage coordinated disclosure with the security community.

For questions about this policy, email Faye.