This library follows semantic versioning. Security fixes land on the latest released minor version. While the package is pre-1.0.0, only the most recent tagged release is supported.

Please do not open public issues for security vulnerabilities.

Report privately through one of:

• GitHub's private vulnerability reporting — use "Report a vulnerability" under the repository's Security tab, or
• email michael@middag.io with a description and steps to reproduce.

We aim to acknowledge a report within 5 business days and to share a remediation timeline after triage. Please give us reasonable time to release a fix before any public disclosure.