Security fixes are applied to the latest active development line.
Please do not open a public issue for security vulnerabilities.
Report privately:
- Open a GitHub Security Advisory (preferred), or
- Email:
jonathan@putney.io
Please include:
- Affected module(s)
- Reproduction details
- Impact assessment
- Suggested mitigation (if known)
- Initial acknowledgement target: within 5 business days.
- Triage and fix timeline depends on severity and complexity.
- Coordinated disclosure is preferred.