We actively maintain security support for the following branches and releases:
- master (unstable, always contains the latest fixes)
- v5.6 (current stable series): receives all critical and high-severity fixes
Users are encouraged to upgrade to the latest v5.6 release.
If you discover a security vulnerability in this project, please do NOT open a public issue. Instead, choose one of these private channels:
- Go to our repository’s “Security” → “Advisories” tab.
- Click “Create a new draft security advisory”, fill in the details (description, reproduction steps, impact).
- We will triage your report and coordinate fixes via the advisory.
Send an encrypted report to mrtckr008@gmail.com.
Include:
- Affected version(s)
- Detailed reproduction steps or proof-of-concept
- Your contact information for follow-up
- Acknowledgment: We will confirm receipt within 48 hours.
- Investigation: We assign an engineer and begin root-cause analysis.
- Fix & Release: A patched release will be published as soon as possible—typically within 7 days for high-severity issues.
- Disclosure: Once a fix is available, we will publicly disclose the issue and credit the reporter (unless they request anonymity).
If you need an immediate response for an active exploit, please mark your email subject line as “SECURITY EMERGENCY”. We monitor emergency reports 24/7.
We appreciate all security researchers who responsibly disclose vulnerabilities. Thank you for helping keep this project safe!
This project is licensed under the Apache License 2.0. See LICENSE for details.