Security fixes are provided for the latest major release line.

To report a suspected vulnerability, use one of the channels below:

• Email: security@zeazdev.com
• Backup channel: Open a private security advisory in GitHub for this repository.

Please include:

1. A clear summary of the issue and affected component(s).
2. Reproduction steps or proof-of-concept details.
3. Potential impact and suggested mitigations (if available).
4. Your preferred contact information for follow-up.

• Acknowledgement target: within 2 business days.
• Initial triage target: within 5 business days.
• Status updates: at least every 7 calendar days while remediation is in progress.
• Resolution goal: critical issues are prioritized for the nearest patch release.

• Do not publicly disclose vulnerabilities before a fix is released.
• Coordinated disclosure is preferred.
• Reporters acting in good faith will be credited in release notes unless they request anonymity.

This policy covers code and infrastructure definitions in this repository. Third-party dependencies and external integrations should also be reported if the repository usage introduces exploitable risk.