Security fixes are applied on the latest main branch and latest published crate release.
Do not open public issues for security vulnerabilities.
Use GitHub Security Advisories:
- Go to the repository
Securitytab. - Click
Report a vulnerability. - Provide reproduction details, impact, and affected commit/tag.
If Security Advisories are unavailable for your environment, open a minimal issue that asks maintainers for a private reporting channel and do not include exploit details.
- Initial triage acknowledgement target: within 5 business days.
- If accepted, a fix plan and timeline will be shared privately.
- Public disclosure will happen after a fix is available or mitigation guidance is published.