Security fixes are provided for the latest code on the master branch and the latest package published to NuGet.
Older versions may receive fixes at the maintainer's discretion, but support is not guaranteed.
Please do not report security vulnerabilities through public GitHub issues.
Send a report to me@shibayan.jp with the following information when possible:
- A short description of the issue
- Affected versions
- Reproduction steps or a proof of concept
- Impact assessment
- Any suggested remediation
You can write in either Japanese or English.
Reports will be reviewed as quickly as possible. Initial triage is typically performed within 5 business days.
After the report is validated, the maintainer will coordinate a fix and decide on disclosure timing. Public disclosure before a fix is available may put users at risk, so please allow time for remediation.