Security fixes are applied to the current release line.
| Version | Supported |
|---|---|
| 10.x | ✅ |
| 9.x and earlier | ❌ |
If that support policy changes, this file should be updated with the new maintenance window.
Please do not open public GitHub issues for suspected security vulnerabilities.
Send a private report to mars@moonrise.net with:
- A description of the issue
- The affected package version
- The target framework and hosting model
- Reproduction steps or a minimal proof of concept
- Any known impact or exploitation details
Reports will be reviewed as quickly as possible. If the report is confirmed, remediation and coordinated disclosure guidance will be provided privately.
- Give maintainers reasonable time to investigate and publish a fix before public disclosure.
- Include enough detail to reproduce the problem safely.
- If you are unsure whether an issue is security-sensitive, report it privately first.