Security fixes are applied on a best-effort basis to the default branch.
Please do not open a public issue for security vulnerabilities.
Report privately to:
@OptimumAF
Include:
- A clear description of the vulnerability
- Reproduction steps and expected impact
- Any proof-of-concept details (minimal and safe)
- Suggested remediation if available
You should receive an acknowledgment within 5 business days. We aim to provide a remediation plan or status update within 14 business days.
We prefer coordinated disclosure. Once fixed, maintainers will publish a security note in
CHANGELOG.md and credit reporters when requested.