Only the latest release receives security updates. Users are encouraged to stay on the most recent version.

Please do not report security vulnerabilities through public GitHub issues.

Instead, use GitHub Security Advisories to report vulnerabilities privately. This ensures the issue can be triaged and a fix prepared before public disclosure.

When reporting, please include:

• A description of the vulnerability and its potential impact
• Steps to reproduce or a proof-of-concept
• The version(s) affected
• Any suggested fix, if you have one

You should receive an initial response within 72 hours acknowledging receipt. Once the issue is confirmed, a fix will be developed and released as soon as practical, typically within 14 days for critical issues.

• Vulnerabilities in upstream dependencies (please report those to the upstream project; this repository forwards Dependabot security alerts automatically)
• Issues requiring physical access to the host machine
• Denial of service through expected resource usage