| Version | Supported |
|---|---|
| 1.x | ✅ |
Do not open a public issue for security vulnerabilities.
Report privately via GitHub Security Advisories.
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Initial response: 48 hours
- Status update: 7 days
- Resolution target: 30 days (depending on complexity)
- Acknowledgment of your report
- Assessment and reproduction
- Fix development
- Coordinated disclosure (you'll be credited unless you prefer anonymity)
This policy covers:
- The
deploy.shscript - Any officially published releases
Out of scope:
- Third-party forks
- Modifications you've made locally