This repository is currently in active 0.x development.
| Version | Supported |
|---|---|
main |
Yes |
< 1.0 release tags |
Best effort |
| Older snapshots and feature branches | No |
Please do not open public GitHub issues for security vulnerabilities.
Use GitHub private vulnerability reporting for this repository once it is enabled. If private reporting is not yet available, contact the maintainers directly at the addresses below as a temporary fallback until a dedicated shared security mailbox is provisioned:
oliver.hennhoefer@mail.defernando.saba@gmx.de
Include:
- A clear description of the issue
- Affected components, files, or container images
- Reproduction steps or a proof of concept
- Any impact assessment you already have
We aim to acknowledge receipt of vulnerability reports within 72 hours. After acknowledgement, we will assess the report, coordinate remediation, and work with the reporter on a reasonable disclosure timeline when possible.
If your report includes highly sensitive details and you prefer not to send them over unencrypted email, send a short initial message requesting an encrypted channel. We do not currently publish a repository PGP key in this project, but we will coordinate a secure communication method before asking you to share full technical details.