If you discover a security vulnerability in Thylacine, please report it responsibly via GitHub Security Advisories.

Do not open a public issue for security vulnerabilities.

• Description of the vulnerability
• Steps to reproduce or a proof of concept
• Affected versions (if known)
• Suggested fix (if any)

• Acknowledgement: within 7 days
• Initial assessment: within 14 days
• Fix and disclosure: coordinated with the reporter

Security fixes are applied to the latest release only.