| Version | Supported |
|---|---|
| 1.0.x | Yes |
| 0.12.x | Best-effort |
| < 0.12 | No |
If you discover a security vulnerability, please report it via a private security advisory on GitHub.
Do not open a public issue for security vulnerabilities.
You should receive a response within 48 hours. If the vulnerability is confirmed, a fix will be released as soon as possible.
This policy covers the plugin code, MCP server, and NPM package in this repository. It does not cover third-party dependencies, though we will coordinate with upstream maintainers if a dependency vulnerability affects this project.