Skip to content

Security: isala404/forge

Security

SECURITY.md

Security policy

Supported versions

Forge supports the current 1.x release line with security fixes. Pre-1.0 releases are unsupported once 1.0.0 is published.

Version Supported
1.x Yes
< 1.0 No

Reporting a vulnerability

Please do not open a public issue for a suspected vulnerability. Use GitHub's private vulnerability reporting to include reproduction steps, affected versions, impact, and any suggested fix.

You should receive an acknowledgement within three business days. Confirmed issues will be coordinated privately until a fix and security advisory are ready.

Disclosure

Security releases are published across the active Rust, Node.js, and Python packages under the same version. Advisories identify affected versions, mitigations, and the fixed release. Metadata-only reservation packages are not supported runtime bindings.

There aren't any published security advisories