Forge supports the current 1.x release line with security fixes. Pre-1.0 releases are unsupported once 1.0.0 is published.
| Version | Supported |
|---|---|
1.x |
Yes |
< 1.0 |
No |
Please do not open a public issue for a suspected vulnerability. Use GitHub's private vulnerability reporting to include reproduction steps, affected versions, impact, and any suggested fix.
You should receive an acknowledgement within three business days. Confirmed issues will be coordinated privately until a fix and security advisory are ready.
Security releases are published across the active Rust, Node.js, and Python packages under the same version. Advisories identify affected versions, mitigations, and the fixed release. Metadata-only reservation packages are not supported runtime bindings.