Security Policy

Reporting a Vulnerability

• Please email security reports to the maintainers listed in GOVERNANCE.md.
• Use responsible disclosure. Do not open public issues for undisclosed vulnerabilities.

Supported Versions

• This is an early-stage project; security fixes are applied to main only.

Disclosure Policy

• We aim to respond within 7 days and release fixes as soon as practical.