We provide security updates for the latest released version on the main branch.

If you discover a security vulnerability in this project, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please email chanmeng.dev@gmail.com with:

• A description of the vulnerability
• Steps to reproduce or a proof of concept
• The potential impact
• A suggested fix, if you have one

• Acknowledgment: within 48 hours of receiving your report
• Assessment: within 7 days we will confirm the issue and assess severity
• Resolution: we aim to release a fix within 30 days for confirmed vulnerabilities

Security concerns most likely to apply to this project include:

• Injection or insecure handling of user-supplied input
• Exposure or leakage of sensitive data
• Dependencies with known vulnerabilities

We appreciate responsible disclosure. With your permission, contributors who report valid security issues will be acknowledged in the project.