| Version | Supported |
|---|---|
| Current published 0.x package releases | Yes |
| Older 0.x package releases | Best effort |
| Unpublished code, forks, or unsupported package lines | No |

Packages are versioned and released independently. Security fixes normally target the latest published release line for the affected package, and maintainers may ask reporters to verify the issue against the current release before coordinating a fix.
Use GitHub private vulnerability reporting if it is enabled for the affected repository.
If private vulnerability reporting is not available, open a minimal issue without exploit details. Maintainers will coordinate privately before public disclosure.
Security reports and follow-up repository artifacts should be written in English. Do not include public proof-of-concept details, credentials, private tokens, or exploit instructions in public issues, pull requests, commits, or release notes.