Security-sensitive fixes are applied to the default branch of this repository (currently aligned with Open Core releases described in CHANGELOG.md). Older snapshots may not receive backports.

Please do not file a public GitHub issue for security vulnerabilities.

Instead, email monigarr@monigarr.com with:

• A short description of the issue and its impact
• Steps to reproduce (or a proof-of-concept), if safe to share
• Any affected components (e.g. fluvian-sdk-core, demo app, CI scripts)

You should receive an acknowledgment within a few business days. This repository is maintained by a small team; critical issues are prioritized.

Reports are welcome for issues in this repository’s code and documented build/CI paths. Third-party dependencies (Android Gradle Plugin, Media3, etc.) should generally be reported to their respective projects as well.