Security Policy

Supported versions

Only the latest tagged release is considered supported for security fixes.

Reporting a vulnerability

• For sensitive issues, open a private GitHub security advisory for this repository.
• Preferred path: <https://github.com/kasparsj/triode/security/advisories/new>
• For non-sensitive issues, open a public GitHub issue with reproduction details.

Include:

• affected version or commit
• reproduction steps
• expected vs actual behavior
• proof-of-concept code or logs (if available)

Response goals

• Triage acknowledgement: within 5 business days
• Status update cadence: at least weekly until resolved