Security fixes are applied to the latest supported main branch release line. Older versions may not receive patches.

Please report suspected vulnerabilities privately.

• Preferred: email security@scalytics.io
• Include:
  • affected component(s)
  • reproduction steps or proof of concept
  • impact assessment
  • any suggested remediation

Do not open public GitHub issues for vulnerabilities.

• Initial triage acknowledgment target: within 3 business days.
• Status updates are provided as investigation proceeds.
• Validated issues will be remediated and released based on severity and risk.

We follow coordinated disclosure:

• report received privately
• issue validated and fixed
• release shipped
• public disclosure after fix availability