Please report suspected security vulnerabilities privately through GitHub Security Advisories. Do not open public issues, discussions, or pull requests for security vulnerabilities.
If GitHub private vulnerability reporting is not available for your environment, contact the maintainers privately through the repository owner.
Include as much detail as you can:
- Affected package name and version.
- Affected branch, tag, or commit.
- Steps to reproduce the issue.
- Expected and actual behavior.
- Impact and any known workaround.
- Proof-of-concept code, logs, or stack traces when safe to share.
Maintainers will acknowledge valid reports as soon as practical, investigate privately, and coordinate a fix and disclosure timeline based on severity and exploitability.
Security fixes may be released as patched NuGet packages and documented through GitHub Security Advisories when appropriate.
Only the latest published stable package line receives security fixes unless a separate support policy is announced.
| Version | Supported |
|---|---|
| 1.x | Yes |
| 0.x prereleases | No |