Please do not open a public GitHub issue for a security vulnerability.

Instead, use GitHub's private vulnerability reporting feature on this repository.

Include:

• A description of the vulnerability and its impact.
• Steps to reproduce or a proof-of-concept, if possible.
• The versions of LangMigrate and its dependencies you tested against.

We aim to acknowledge receipt within 3 business days and to provide a fix or a public disclosure timeline within 30 days.

Security fixes are applied to the latest minor release. Older minor versions receive security fixes only for critical vulnerabilities and only while resources allow.

Once a fix is released, we publish a security advisory on GitHub and update the CHANGELOG. If you reported the issue, we credit you in the advisory unless you ask us not to.