| Version | Supported |
|---|---|
| Latest Release | ✅ |
| Older Releases | ❌ |
Please do not open public issues for security vulnerabilities.
Instead:
- Open a GitHub Security Advisory if available.
- Contact the maintainers privately.
- Provide:
- A description of the vulnerability
- Steps to reproduce
- Impact assessment
- Suggested mitigation (if known)
Security reports will be:
- Acknowledged as soon as possible.
- Investigated privately.
- Fixed and patched before public disclosure when feasible.
- Credited responsibly unless anonymity is requested.
This policy covers:
- Documentation rendering
- Markdown parsing
- HTML rendering
- Navigation and routing
- Client-side assets
- Build and deployment workflows
Third-party dependencies are covered only to the extent that updates or mitigations can be applied by project maintainers.