Security fixes are applied on a best-effort basis to the latest published stable release line on NuGet for each package. Older lines may not receive backports. See SUPPORT.md for general maintenance expectations.
You may report security vulnerabilities through a public GitHub Issue on this repository. Please:
- Use a clear title (for example, prefix with
[SECURITY]). - Describe the impact and affected components or packages.
- Avoid posting working exploit code in the issue body; describe reproduction steps at a high level when practical.
If you prefer private coordination, you may instead open a GitHub Security Advisory for this repository.
There is no SLA, guaranteed response time, or paid handling obligation; triage proceeds as maintainer capacity allows.
We aim to acknowledge reports and coordinate remediation when practical. Timelines cannot be guaranteed because support is best-effort.